One month after announcing a corporate data raid affecting 2.9 million of their users, Adobe has found the extent of this breach to be even larger than initial estimates. The count of compromised users has increased to 38 million–13 times what they originally thought. The volume of leaked user data, while unfortunate, has provided an opportunity for security experts to analyze the passwords chosen by millions of users, and what they’ve found is alarming.
A couple of weeks after the breach came to surface, a large file including millions of Adobe usernames, passwords, and password hints was dumped online by AnonNews.org. While the passwords were encrypted, the hints were not–giving experts looking into the issue increased insight about the stolen passwords. This, coupled with some other factors, enabled security experts to decipher the 100 most common passwords in a matter of hours. So what, exactly, did they discover?
Experts found that most users continue to choose convenience over security when it comes to protecting their accounts. The top four passwords found in the Adobe data leak, representing nearly 3 million accounts, were “123456,” “123456789,” “password,” and “adobe123.” Variations of these 4 passwords can be found in abundance as one moves down the list (“123123,” “abc123,” etc.) Despite being urged to create stronger passwords, basic numeric and common sense codes continue to prevail. And even more distressing is the password hints to these easily crackable passwords, including such plain text clues as “123,” “numbers,” and “numeros.” Too many users are making it simple for cybercriminals to hack their way in.
While it’s alarming to see so many people neglecting to take their security into consideration when crafting a “secret” code, a lot can be learned from this Adobe breach–both for corporations and consumers. Moving forward, Adobe has committed to increasing protection for the passwords on their database. Facebook, too, has taken the opportunity to mine some of the data leaked during the breach in order to warn people who were using similar login details for both sites. Other major corporations would be wise to do the same.
As far as the everyday user is concerned–passwords are the key to protecting your online and offline security. There are several important tips to take into account when creating passwords:
- Avoid reusing passwords across multiple accounts. The risk associated with using an easily guessable password dramatically increases when used across accounts. Reusing passwords across the web can make your social media, email, and bank accounts even more vulnerable to hackers.
- Use strong passwords. It’s important to recognize characteristics common to the most popular passwords, so that you can avoid making these same mistakes when creating your own. Be sure to include a variation of upper and lower case letters, numbers, and symbols if possible. Lastly, remember to avoid using the names of family or pets, phone numbers, birthdates, and words that can be found in the dictionary.
- Change passwords multiple times a year. As easy as it is to set it and forget it, it’s extremely important to refresh your passwords on a regular basis, ideally every 3-6 months. Those who neglect to update their passwords may leave themselves exposed to cybercriminal attacks for prolonged periods of time.
- Think twice before sharing. When choosing security challenge questions for online accounts, be sure that the answer to those questions isn’t publicly shared elsewhere. It may be easy for cybercriminals to determine your mother’s maiden name and birth city from your social networking accounts–so in addition to choosing tough challenge questions, be cautious what you share.
- Use a password management tool. McAfee SafeKey, included with McAfee LiveSafe™ service, helps you create strong passwords, allows single click login to any site and ensures that your passwords are always secure, across all of your devices.
While it’s important for companies to guard the information we entrust them with, it’s also up to consumers to take strong measures to protect themselves. For the latest cyber security threats and news, be sure to follow us on Twitter @McAfeeConsumer and like us on Facebook.