The top 10 passwords from the Yahoo hack: Is yours one of them?

Summary:Imagine a list of 450,000 user passwords ordered from the most popular to the least popular. Can you guess the 10 most popular passwords? Here, I'll give you the first one: 123456. Bonus: here's how to check if your account was hacked.

Update on July 13 - Yahoo fixes flaw behind 450,000 account hack

The top 10 passwords from the Yahoo hack: Is yours one of them?
Yesterday the hacker group D33ds Company claimed responsibility for attacking a Yahoo service and exposing 453,492 plain text login credentials . Yahoo today confirmed 400,000 of its accounts were hacked, though it emphasized less than 5 percent of the credentials are valid . You can check whether your account was compromised here: Sucuri.

When you have 450,000 passwords, you can do a bit of analysis. ESET used the password analyser Pipal to compile some statistics (full data dump available on Pastebin).

First off, there were apparently only 442,773 passwords, contrary to the previously reported number I mentioned above. Secondly, 342,478 of them were unique, meaning that 100,295 passwords, or 22.65 percent of the total, were used by more than one person.

Here are the top 10 passwords from the Yahoo hack:

  1. 123456 = 1666 (0.38%)
  2. password = 780 (0.18%)
  3. welcome = 436 (0.1%)
  4. ninja = 333 (0.08%)
  5. abc123 = 250 (0.06%)
  6. 123456789 = 222 (0.05%)
  7. 12345678 = 208 (0.05%)
  8. sunshine = 205 (0.05%)
  9. princess = 202 (0.05%)
  10. qwerty = 172 (0.04%)

Here are the top 10 base words from the Yahoo hack:

  1. password = 1373 (0.31%)
  2. welcome = 534 (0.12%)
  3. qwerty = 464 (0.1%)
  4. monkey = 430 (0.1%)
  5. jesus = 429 (0.1%)
  6. love = 421 (0.1%)
  7. money = 407 (0.09%)
  8. freedom = 385 (0.09%)
  9. ninja = 380 (0.09%)
  10. writer = 367 (0.08%)

Here are the top 10 e-mail address domain names:

  • yahoo.com (31.07%)
  • gmail.com (24.14%)
  • hotmail.com (12.45%)
  • aol.com (5.76%)
  • comcast.net (1.93%)
  • msn.com (1.44%)
  • sbcglobal.net (1.17%)
  • live.com (0.97%)
  • verizon.net (0.68%)
  • bellsouth.net (0.64%)

If you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.

Update on July 13 - Yahoo fixes flaw behind 450,000 account hack

See also:

Topics: Security

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.