49 Weakest Passwords in LinkedIn’s Data Breach 2016

Have you changed your LinkedIn password yet? As we wrote yesterday, the popular social network for professionals has been through a major data breach. To sum it up: 167 million accounts were compromised, of which 117 million credentials with hashed passwords were up for sale on the Dark Web.

LinkedIn’s Data Breach 49 Weakest Passwords

The leaked passwords were hashed with the SHA1 algorithm. This widely used secure hash algorithm has been the center of controversy, as more and more security researchers have revealed its weaknesses over the past years.

As both experts and advanced users have pointed out, one of LinkedIn’s primary mistakes was not salting the passwords at the time the 2012 data breach was disclosed. What does salting mean? Adding “salt” to a password means adding random data to it before it is hashed, so that identical passwords no longer produce identical hashes and the stored values are harder to crack.
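The difference salting makes, shown as an added example (not code from the article or from LinkedIn). The account names are constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumption chosen here as the salted, slow replacement for bare SHA1.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; the passwords come from the article's top-49 list.
ACCOUNTS = {"alice": "123456", "bob": "linkedin", "carol": "123456", "dave": "sunshine"}

def unsalted_sha1(password):
    """Weak scheme described in the article: bare SHA1 with no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None, iterations=600_000):
    """Hardened storage: per-user random salt plus a slow KDF.
    The iteration count is an assumption; tune it to your hardware."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def accounts_sharing_a_value(stored):
    """Number of accounts whose stored value also appears on another account."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)

def compare_schemes(iterations=600_000):
    weak = {u: unsalted_sha1(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_record(p, iterations=iterations) for u, p in ACCOUNTS.items()}
    strong_digests = {u: rec[2] for u, rec in strong.items()}
    return accounts_sharing_a_value(weak), accounts_sharing_a_value(strong_digests), strong

if __name__ == "__main__":
    weak_dupes, strong_dupes, records = compare_schemes()
    print("accounts with a shared unsalted SHA1 value:", weak_dupes)
    print("accounts with a shared salted PBKDF2 value:", strong_dupes)
    print("alice verifies with her own password:", verify("123456", records["alice"]))
```

Without a salt, everyone who picked the same password ends up with the same stored value, which is what makes frequency lists like the one in this article possible once a single hash is cracked.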

LeakedSource has already released a list of passwords that they succeeded in cracking. They even published the top 49 most used passwords. It’s obvious that the frequency of data breaches hasn’t improved users’ password habits. Among the top passwords are “combinations” such as “123456”, “12345678”, and obvious choices like “linkedin”, “qwerty” and “password”.

Here’s the full list of released passwords:

Top 49 Passwords in LinkedIn's Data Breach
Rank Password Frequency
1. 123456 – 753,305
2. linkedin – 172,523
3. password – 144,458
4. 123456789 – 94,314
5. 12345678 – 63,769
6. 111111 – 57,210
7. 1234567 – 49,652
8. sunshine – 39,118
9. qwerty – 37,538
10. 654321 – 33,854
11. 000000 – 32,490
12. password1 – 30,981
13. abc123 – 30,398
14. charlie – 28,049
15. linked – 25,334
16. maggie – 23,892
17. michael – 23,075
18. 666666 – 22,888
19. princess – 22,122
20. 123123 – 21,826
21. iloveyou – 20,251
22. 1234567890 – 19,575
23. Linkedin1 – 19,441
24. daniel – 19,184
25. bailey – 18,805
26. welcome – 18,504
27. buster – 18,395
28. Passw0rd – 18,208
29. baseball – 17,858
30. shadow – 17,781
31. 121212 – 17,134
32. hannah – 17,040
33. monkey – 16,958
34. thomas – 16,789
35. summer – 16,652
36. george – 16,620
37. harley – 16,275
38. 222222 – 16,165
39. jessica – 16,088
40. GINGER – 16,040
41. michelle – 16,024
42. abcdef – 15,938
43. sophie – 15,884
44. jordan – 15,839
45. freedom – 15,793
46. 555555 – 15,664
47. tigger – 15,658
48. joshua – 15,628
49. pepper – 15,610

In addition, LinkedIn has made a statement saying that:

We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.

What Should I Do to Secure My Passwords?

Option 1: Use a Password Manager

The average password manager would install itself as a browser plug-in and take care of password capture.

How will it work? When you log in to a secure website (HTTPS), the password manager would offer to save your logins. When you come back to that page, the manager will automatically fill in your credentials, and sometimes web forms. Most password managers offer a browser-toolbar menu of all saved logins to make it easier to log in to saved sites.

However, password managers are applications, and applications can be hacked as well. Nothing is completely secure nowadays. So we get to option 2.

Option 2: Improve Your Habits

Perhaps the best way to secure your passwords is the most obvious one: change your passwords frequently and use combinations of letters, numbers, symbols, and uppercase characters. Complex and long passwords make it difficult for attackers to carry out brute-force attacks.

Also, if your credentials have been compromised in a data breach, don’t recycle your old password. Make sure to create brand new passwords, following the tips above. You can check your passwords’ strength via websites such as PasswordMeter.

Milena Dimitrova