Earlier this week, blog publisher Gawker Media suffered a leak that released information about its users to the Internet. More than a million user names, email addresses, and passwords were posted online, and although most of the passwords were encrypted, nearly 190,000 of them were decoded and published as a part of the leak. The Wall Street Journal has taken a closer look at those passwords to see if there's anything to be learned, and it found a few interesting trends among the data.
As one might expect, there are loads of folks with lousy passwords. Among those that were decrypted, 123456, password, and 12345678 proved the most popular. Qwerty and abc123 also rank high on the list, as do the names of several of Gawker sites. However, the actual percentage of people using those passwords isn't all that high. The top three account for around 6,000 passwords, which is only 3% of the total released.
After cross-referencing the passwords with user email addresses, the WSJ found that people with Yahoo and Gmail accounts are more likely to have longer passwords than Hotmail users. The authors also discovered that Gmail users use passw0rd more often, while iloveyou is popular among folks with Hotmail and Yahoo accounts. The overall percentages for those passwords are still pretty low, though.
It's unclear whether this particular subset of passwords was decrypted because it was the easiest to decode or simply selected at random. The fact that these accounts were for Gawker's commenting system rather than, say, a banking site, is also worth considering. I've long used junk email addresses and simple passwords for similar accounts, and I suspect many of Gawker's tech-savvy users do the same.