Last week, you may have received an email or two from LinkedIn detailing the steps you needed to take following a massive leak that involved 6.4 million passwords. Although most of the passwords were encoded, some were decoded, and LinkedIn spent some time disabling the accounts of users whose passwords had been cracked. The big LinkedIn password leak coincided with other sites’ security breaches, including eHarmony and Last.fm.
LinkedIn has maintained that the passwords were the only pieces of information compromised in the leak.
“It’s important to know that compromised passwords were not published with corresponding email logins,” said LinkedIn’s Vicente Silveira. “At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.”
Although it appears that everything is under control and being straightened out by LinkedIn, the password leak exposed something that shouldn’t really be a shock to anyone. Mainly, that people really suck at making passwords. And when I say “really suck” I mean that it’s actually depressing.
According to some analysis from online security company Rapid7, people are ridiculously fast and loose with their passwords. They tracked the top passwords that were cracked last week and the results are, well, just look at the top ten (in order):
Yes, you’re reading that right. Link. Plus, not one of those passwords is more than 5 characters, and none of them utilize any sort of multiple character combinations.
Look down the list and the passwords don’t really get any better. “Bitch?” “Dick?” “Monkey.” C’mon people, it’s really not that hard. Check out Rapid7’s full infographic on the matter below: