Okay, I believe most of us have already read or heard the news. Over 453,000 Yahoo accounts have been hacked by the D33ds Company group. If you haven't heard about it, Google it now. Pastebin dump: http://pastebin.com/QaDsh7NN
(Image from securitybydefault.com)
But there are two things that are really, really mind-boggling about this hack:
1) The passwords were stored unencrypted, in plain text!
2) Only 342,478 passwords are unique!!!
First, why on earth does a large tech company like Yahoo! store non-encrypted passwords? Seriously, why??? Isn't password encryption part of Database 101? This news leaves me speechless.
And then, over 100,000 passwords are not unique? Wow... Around 22% of the users should be given a wake-up call.
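To make the first point concrete, here is an added example (not code from the original post, and nothing to do with Yahoo's actual systems) that puts a plaintext user table next to one storing a per-user salted PBKDF2-HMAC-SHA256 hash. The user names, passwords, record layout and iteration count are assumptions made for the example. Notice that once each user has a random salt, two users who picked the same password no longer produce the same stored value, so a dump of the table gives away neither the passwords nor which accounts share one.

```python
import hashlib
import hmac
import os

# Constructed sample of the problem: a user table holding the passwords themselves.
# (Users and passwords are made up for this example.)
PLAINTEXT_STORE = {
    "alice@example.com": "sunshine",
    "bob@example.com": "sunshine",   # same password as alice: visible at a glance
    "carol@example.com": "123456",
}

# Assumed parameters: PBKDF2-HMAC-SHA256 with a 16-byte random salt per user.
# A memory-hard KDF (scrypt, Argon2) is the better choice where the platform offers one.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)           # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported password record: " + algo)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def migrate(plain_store, iterations=PBKDF2_ITERATIONS):
    """Turn a plaintext table into a hashed one (what should have existed from day one)."""
    return {user: hash_password(pw, iterations=iterations) for user, pw in plain_store.items()}


def shared_password_visible(store):
    """True if two users' stored values are identical, i.e. duplicates can be read off a dump."""
    values = list(store.values())
    return len(values) != len(set(values))


if __name__ == "__main__":
    hashed = migrate(PLAINTEXT_STORE)
    print("duplicates readable from plaintext store:", shared_password_visible(PLAINTEXT_STORE))
    print("duplicates readable from hashed store:   ", shared_password_visible(hashed))
    for user, record in hashed.items():
        print(user, record[:40] + "...")
```

The record format carries the algorithm and iteration count with each row, so the work factor can be raised later and old rows re-hashed at the user's next login without a second migration.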
Okay, let's see the top 10 passwords. Here are the top 10 passwords from the Yahoo hack:
- 123456 = 1666 (0.38%)
- password = 780 (0.18%)
- welcome = 436 (0.1%)
- ninja = 333 (0.08%)
- abc123 = 250 (0.06%)
- 123456789 = 222 (0.05%)
- 12345678 = 208 (0.05%)
- sunshine = 205 (0.05%)
- princess = 202 (0.05%)
- qwerty = 172 (0.04%)
Here are the top 10 base words from the Yahoo hack:
- password = 1373 (0.31%)
- welcome = 534 (0.12%)
- qwerty = 464 (0.1%)
- monkey = 430 (0.1%)
- jesus = 429 (0.1%)
- love = 421 (0.1%)
- money = 407 (0.09%)
- freedom = 385 (0.09%)
- ninja = 380 (0.09%)
- writer = 367 (0.08%)
What 'base word' means (for those who can't figure it out) is that a password has many variations, but all of them derive from the same word. For example:
fr33d0m; FrEeDoM; freedom123; freeDOM007; freedoom; etc. are all based on 'freedom'.
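Here is how that grouping can be computed, as an added example written for this post (it is not code from the post, from the leakers, or from Yahoo). The dump is constructed, and the leet-speak table and the rule for stripping leading and trailing digits and symbols are my assumptions. Besides reproducing the two kinds of table above (exact passwords and base words, with percentage shares), it measures how much of a dump is just a variation of a short list of common base words, which is exactly why such passwords fall to a dictionary so quickly.

```python
from collections import Counter

# Constructed sample dump (made up for this example, not the Yahoo data): one password per line.
SAMPLE_DUMP = """\
freedom
fr33d0m
FrEeDoM
freedom123
freeDOM007
freedoom
password
Password1
p@ssw0rd
123456
123456
sunshine
ninja2012
"""

# Assumed leet-speak substitutions; extend as needed.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})
# Characters treated as decoration when they lead or trail the word (freedom123, 007freedom).
DECORATION = "0123456789!@#$%^&*()_+-=.,;:?"

# A short list of common base words (the post's top 10 plus the top numeric password).
COMMON_BASES = {"password", "welcome", "qwerty", "monkey", "jesus", "love",
                "money", "freedom", "ninja", "writer", "123456"}


def base_word(password):
    """Reduce a password to the word it is built from: lowercase, strip leading/trailing
    digits and symbols, then undo leet-speak inside what remains."""
    lowered = password.lower()
    core = lowered.strip(DECORATION)
    if not core:                      # purely numeric/symbolic, e.g. 123456: keep as is
        return lowered
    return core.translate(LEET_MAP)


def share(count, total):
    """Percentage with two decimals, as in the post's tables."""
    return round(100.0 * count / total, 2)


def analyse(dump_text, top=10):
    """Count a dump the way the post's tables do: exact passwords and base words."""
    passwords = [line for line in dump_text.splitlines() if line]
    exact = Counter(passwords)
    bases = Counter(base_word(p) for p in passwords)
    total = len(passwords)
    return {
        "total": total,
        "unique": len(exact),
        "top_passwords": [(p, n, share(n, total)) for p, n in exact.most_common(top)],
        "top_base_words": [(b, n, share(n, total)) for b, n in bases.most_common(top)],
    }


def covered_by(dump_text, wordlist):
    """How many passwords in the dump are merely a variation of a word in wordlist."""
    passwords = [line for line in dump_text.splitlines() if line]
    hits = sum(1 for p in passwords if base_word(p) in wordlist)
    return hits, len(passwords)


if __name__ == "__main__":
    result = analyse(SAMPLE_DUMP)
    print("total:", result["total"], "unique:", result["unique"])
    for word, count, pct in result["top_base_words"]:
        print("- {} = {} ({}%)".format(word, count, pct))
    hits, total = covered_by(SAMPLE_DUMP, COMMON_BASES)
    print("covered by {} base words: {}/{}".format(len(COMMON_BASES), hits, total))
```

One limitation worth knowing: a misspelling such as 'freedoom' is not folded into 'freedom' by these rules; catching those needs edit-distance matching against a wordlist, which is also how cracking rule sets get their variants. The same `base_word` function is useful on the defensive side, as a check that rejects any new password whose base word is on a blocklist of leaked favourites.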
And take a look at all these passwords (and base words). Even if they were encrypted, how long do you think it would take a hacker to brute-force them? A decent password dictionary would crack all the hashes in no time.
So, what I'm trying to say here is... choose your passwords wisely. Make them uniquely yours and only yours... Scramble together your initials, nicknames, ID numbers, birthdays, anniversaries and everything else that is unique to you. Then mesh and scramble them together until it looks more like this: Hy1238jFD5ank73@hg*. Now that is one tough nut to crack.