A number of large Internet companies have begun rolling out password reset procedures for potentially millions of users following the hack of Gawker Media.
Amazon, Twitter, LinkedIn, Yahoo and online game World of Warcraft have sent out millions of emails prompting their users to change their password. The action follows the compromise of Gawker Media’s database which saw masses of passwords revealed of users of the firms popular sites including Gizmodo and Lifehacker.
Despite the supposedly tech-savvy readership of Gawker’s web sites, the password 123456 was shown to be the most popular with over 3,000 instances in 188,000 of the details which were decrypted. Other cryptographically useless passwords such as ‘password’ and ‘qwerty’ and ‘letmein’ ranked highly.
The release triggered concern that users had used similarly weak passwords on the same sites with reports already emerging of hijacked Twitter and Facebook accounts as a result of the compromised Gawker data.
However the sorts of passwords disclosed are already well known to hackers and feature prominently in brute force dictionaries used to crack common passwords. The disturbing tendency of Internet users to not only use weak passwords but then to recycle the passwords across multiple sites represents a tempting target for hackers.
It’s a simple matter for online companies to similarly check their own user passwords against similar dictionaries and if found to be present, automatically trigger a password update process which is exactly what firms such as Amazon and LinkedIn have begun doing.
The Wall Street Journal’s Digits Blog published a list of the most popular passwords among Gawker users. It makes for shocking reading.
Advertisement
Related Stories
- Have your say: Does your business listen to complaints on Twitter? May 21st 2012 at 10:56AM
- Twitter reaches 10-million user milestone in the UK May 16th 2012 at 2:33PM
- Amazon planning a colour E-ink Kindle? May 11th 2012 at 4:03AM
- iOS update fixes bugs and security flaws May 8th 2012 at 5:45AM
- Microsoft fingers Chinese firm in RDP flaw leak May 4th 2012 at 3:00AM
- Follow the PCR Retail Boot Camp news on Twitter May 1st 2012 at 11:05AM
- Microsoft fixes '0-day' Hotmail flaw Apr 30th 2012 at 12:19AM
- Amazon launches Kindle Touch 3G in UK Apr 23rd 2012 at 2:03AM
- Global Payments breach of 1.5m credit cards Apr 3rd 2012 at 8:29AM
- Kindle Touch comes to the UK Mar 27th 2012 at 10:51PM
