Slashdot Mirror


The Top 50 Gawker Media Passwords

wiredmikey writes "Readers of Gizmodo, Lifehacker and other Gawker Media sites may be among the savviest on the Web, but the most common password for logging into those sites is embarrassingly easy to guess: "123456." So is the runner-up: "password." On Sunday night, hackers posted online a trove of data from Gawker Media's servers, including the usernames, email addresses and passwords of more than one million registered users. The passwords were originally encrypted, but 188,279 of them were decoded and made public as part of the hack. Using that dataset, we found the 50 most-popular Gawker Media passwords."

9 of 209 comments

  1. Not Really Sold on the Correlations by eldavojohn · · Score: 4, Informative
    I don't know about the graphs and statistics they generated from this. First of all, you don't know how many out of the total set of users were stolen and the ones that were decrypted were probably the obvious ones (via rainbow tables? was Gawker using salt?). Perhaps this adds a bit of slant to any statistics generated? Anyway:

    A plurality of Gawker Media passwords are six characters long, but we wondered whether that and other results might differ based on the user’s email provider. Indeed, users of Google and Yahoo’s email services are more likely than Microsoft email users to have passwords of eight or more characters.

    Well, Hotmail and Yahoo! require six characters or more and Google requires eight characters or more. Explains the Google/Microsoft difference anyway: People are lazy. While your statements aren't false, I fail to see their confidence or usefulness. Or are we just trying to pat ourselves on the back for using Google and being part of the "elite?" The funny thing is that if your password is showing up here, it's just as "strong" as the other ones that fell victim to this kind of attack! Regardless of length! Take your pick, "unicorns" or "$r-P_5"?

    Popular passwords vary, as well: Gmail users are bigger X-Files fans ("trustno1") and more likely to opt for the slightly clever variant "passw0rd."

    Or you're just staring at random data trying to make something out of it. "Slightly clever variant"? Ha, well, whoever decrypted these passwords had that one in mind, you know that for sure. Anything even remotely clever would not show up in here.

    Yahoo and Microsoft email users, meanwhile, are much more likely to get sappy with their passwords: "iloveyou."

    Come on, one example leads to that kind of generalization?

    --
    My work here is dung.
    1. Re:Not Really Sold on the Correlations by AndrewNeo · · Score: 4, Interesting

      That's what OpenID delegates are for. I have a page set up that I log in to OpenID sites with, and that page contains metatags to forward to the provider of my choice. Provider goes down, I can switch internally and never change my login URL.

  2. 123456? by oodaloop · · Score: 4, Funny

    What a coincidence! That's the combination to the airlock protecting the planet!

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  3. My password by Krneki · · Score: 4, Funny

    I guess I'm the only one to use ****** .

    --
    Love many, trust a few, do harm to none.
    1. Re:My password by jimicus · · Score: 5, Funny

      I'm sure someone else must use hunter2

    2. Re:My password by MacGyver2210 · · Score: 4, Funny

      You know, it just shows up as ******* when you type hunter2. Slashdot automatically blocks your password if you type it.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  4. I use a stupid password for stupid sites by gurps_npc · · Score: 5, Interesting
    When I create a profile for something like the Discovery Channel's forum, I don't care if someone hacks my account. It has no financial information and I am only using it to comment on Mythbusters.

    The idea that a password is necessary for such an account is idiotic. No one cares about hacking it (or if you do, then you have an unhealthy obsession with TV).

    Gawker is a similar timewaster. Wasting your brain power to create/remember a good password for it is foolish.

    I see nothing wrong with using "123456" or "password" for it. I am also pretty sure that most intelligent people that use stupid passwords for stupid web sites, don't use stupid passwords for their bank account or their primary email (but maybe for an email they feed to spammers that offer 'deals' if you give them your email.)

    --
    excitingthingstodo.blogspot.com
  5. Perfect example: by gcnaddict · · Score: 4, Interesting

    One of my disposable passwords was exposed in the leak. (You can search the cracked list. My username is listed, along with a pass circa 2007.)

    And today after checking my lists, I realized that I used the same password on both Slashdot (frequented!) and Digg (haven't visited since v4). Whatever, I changed it on both of these sites. I didn't bother touching it on Gawker now that I know I can't trust them to actually understand password security.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:Perfect example: by butalearner · · Score: 4, Informative

      If you want to check yourself, head to this Google Fusion table

      Instructions are right there on the page, but you take the md5sum of your email address (e.g. "echo -n email@address.com | md5sum") and check it against the list (click "Show Options" and select MD5 = ). This doesn't mean your password was decrypted, but at the very least the encrypted version is out there. You can check this other Google Fusion table for your password.
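
The lookup described in the comment above, as an added example that is not part of the original thread: it hashes an address without a trailing newline and looks for the digest in a local file of MD5 hashes. The one-digest-per-line file format, the function names and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check whether an e-mail address's MD5 appears in a local
# list of hashes (one lowercase hex digest per line). The list format and
# the function names are assumptions, not taken from the Fusion table.

# md5_of STRING -> hex digest of the exact bytes, with no trailing newline.
# printf '%s' is used instead of `echo -n`, which is not portable: some
# shells print "-n" literally or still append a newline, changing the hash.
md5_of() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# email_in_list EMAIL FILE -> prints which form matched; returns 0 on a hit.
# Tries the address as typed, then lowercased with whitespace stripped, since
# it is unknown how the list's compiler normalised addresses (assumption).
email_in_list() {
    raw=$1
    norm=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    for candidate in "$raw" "$norm"; do
        # -F fixed string, -x whole line, -q quiet: exact digest match only.
        if grep -Fxq "$(md5_of "$candidate")" "$2"; then
            echo "match: $candidate"
            return 0
        fi
    done
    echo "no match"
    return 1
}

# Constructed sample list: the digest of one placeholder address plus a
# filler line. Nothing here comes from the leaked data.
make_sample_list() {
    {
        md5_of "reader@example.com"
        echo "00000000000000000000000000000000"
    } > "$1"
}

if [ "${1:-}" = "--demo" ]; then
    list=$(mktemp)
    make_sample_list "$list"
    email_in_list " Reader@Example.com " "$list"   # hit via normalised form
    email_in_list "other@example.com" "$list" || true
    rm -f "$list"
fi
```

A hit only means the address is in the list being searched; as the comment says, it does not by itself mean the password was recovered.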