The top 10 passwords from the Yahoo hack: Is yours one of them?

Imagine a list of 450,000 user passwords ordered from the most popular to the least popular. Can you guess the 10 most popular passwords? Here, I'll give you the first one: 123456. Bonus: here's how to check if your account was hacked.
Written by Emil Protalinski, Contributor on

Update on July 13 - Yahoo fixes flaw behind 450,000 account hack

Yesterday the hacker group D33ds Company claimed responsibility for attacking a Yahoo service and exposing 453,492 plain text login credentials. Yahoo today confirmed 400,000 of its accounts were hacked, though it emphasized less than 5 percent of the credentials are valid. You can check whether your account was compromised here: Sucuri.

When you have 450,000 passwords, you can do a bit of analysis. ESET used the password analyser Pipal to compile some statistics (full data dump available on Pastebin).

First off, there were apparently only 442,773 passwords, contrary to the previously reported number I mentioned above. Secondly, 342,478 of them were unique, meaning that 100,295 passwords, or 22.65 percent of the total, were used by more than one person.

Here are the top 10 passwords from the Yahoo hack:

  1. 123456 = 1666 (0.38%)
  2. password = 780 (0.18%)
  3. welcome = 436 (0.1%)
  4. ninja = 333 (0.08%)
  5. abc123 = 250 (0.06%)
  6. 123456789 = 222 (0.05%)
  7. 12345678 = 208 (0.05%)
  8. sunshine = 205 (0.05%)
  9. princess = 202 (0.05%)
  10. qwerty = 172 (0.04%)

Here are the top 10 base words from the Yahoo hack:

  1. password = 1373 (0.31%)
  2. welcome = 534 (0.12%)
  3. qwerty = 464 (0.1%)
  4. monkey = 430 (0.1%)
  5. jesus = 429 (0.1%)
  6. love = 421 (0.1%)
  7. money = 407 (0.09%)
  8. freedom = 385 (0.09%)
  9. ninja = 380 (0.09%)
  10. writer = 367 (0.08%)
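
The same kind of tally (total, unique, top passwords, top base words) can be run over any password list. This is an added example, not Pipal's or ESET's code; the sample list is constructed, and the base-word rule (lowercase, strip leading and trailing non-letters, keep words of four or more letters) is an assumption.

```python
import re
from collections import Counter

# Constructed sample, not data from the Yahoo dump.
SAMPLE = [
    "123456", "password", "Password1", "123456", "welcome", "ninja!",
    "password", "2welcome", "sunshine", "123456", "qwerty12", "",
]

def base_word(pw):
    """Assumed rule: lowercase, then strip leading/trailing non-letters."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())

def ranked(counter, total, n):
    """Top n entries as (value, count, percent of all passwords)."""
    # Sort by count descending, then by value, so ties are deterministic.
    items = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(v, c, round(100.0 * c / total, 2)) for v, c in items[:n]]

def analyse(passwords, n=10, min_base_len=4):
    pws = [p for p in passwords if p]          # ignore empty entries
    total = len(pws)
    if total == 0:                             # avoid dividing by zero
        return {"total": 0, "unique": 0, "duplicate_entries": 0,
                "duplicate_pct": 0.0, "top_passwords": [],
                "top_base_words": []}
    counts = Counter(pws)
    # All-digit passwords reduce to an empty base word and are skipped.
    bases = Counter(b for b in map(base_word, pws) if len(b) >= min_base_len)
    dup = total - len(counts)                  # total minus unique
    return {
        "total": total,
        "unique": len(counts),
        "duplicate_entries": dup,
        "duplicate_pct": round(100.0 * dup / total, 2),
        "top_passwords": ranked(counts, total, n),
        "top_base_words": ranked(bases, total, n),
    }

if __name__ == "__main__":
    report = analyse(SAMPLE)
    print(report["total"], report["unique"], report["duplicate_pct"])
    for value, count, pct in report["top_passwords"]:
        print(f"{value} = {count} ({pct}%)")
    for value, count, pct in report["top_base_words"]:
        print(f"{value} = {count} ({pct}%)")
```
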

Here are the top 10 e-mail address domain names:

  • yahoo.com (31.07%)
  • gmail.com (24.14%)
  • hotmail.com (12.45%)
  • aol.com (5.76%)
  • comcast.net (1.93%)
  • msn.com (1.44%)
  • sbcglobal.net (1.17%)
  • live.com (0.97%)
  • verizon.net (0.68%)
  • bellsouth.net (0.64%)

If you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.
