Gawker Hack Exposes Ridiculous Password Habits

Whew! Is it just me, or is it getting tough to keep track of all the info spilled via this week's massive Gawker hack?

Gawker Hack

The please-don't-call-it-Gawkergate Gawker hacking story sprung up over the weekend, when a group known as "Gnosis" apparently made its way into the servers of Gawker Media. Gawker Media, if you aren't aware, is a publication group that runs gossip blog Gawker (no big surprise there) along with a slew of other websites like Lifehacker, Gizmodo, and Jezebel.

Long story short, the hackers danced away with boatloads of secrets, including the e-mail addresses and passwords of more than a million Gawker users (and some Gawker staff members, too). Now, we're getting a glimpse at just how absurdly poor some of those passwords were.

Gawker Hack: The Password List

The data-diving crew from The Wall Street Journal analyzed some of the hacked Gawker data in order to find trends in people's password selections. They looked at a sample of 188,279 passwords that was decrypted and made public.

Among the most common passwords they found in the list:

• "123456." This was actually the most popular password of all. As far as I can tell, this indicates one of two things: (a) Lots of people are careless about security; (b) Lots of Gawker accounts belong to Elmo.

• "password." The second most popular password in the list. Evidently, some folks interpret the "Password" prompt as a CAPTCHA field.

• "lifehack." Did someone order an extra-large helping of irony?

• "qwerty." When in doubt, just run your fingers across the keyboard.

• "monkey." One of the more curious items in Gawker's password database. I blame Peter Gabriel.

• "letmein." When you think about it, it really is quite impressive: After all these years, this computing classic is still in style.

• "trustno1." Right. Especially people who use passwords like "trustno1."

• "passw0rd." Oh, do you see what they did there? It's like "password," but not. Good one.

• "cheese." Mmm...cheese. What were we talking about, again?

Ah, yes -- passwords. Perhaps the most surprising twist in all of this is that Gawker's staff didn't do much better. According to Forbes, 15 Gawker staffers had passwords consisting of common words (or "slight variations thereof"). One staff member reportedly used his own name followed by the number "1."

If you aren't sure why any of these scenarios are troubling, please smack yourself in the face (gently -- we don't need any lawsuits here). Then go read up on basic password hygiene, or just grab a utility like LastPass, named one of PCWorld's "Best Products of 2009." It'll generate complex passwords for you and store them securely in the cloud.

Curious if you're among the registered Gawker users whose info has been exposed, by the way? Slate.com has created a handy tool to search the database for your username or e-mail address. If you find yourself listed, check out these tips for some suggestions on what to do next.

And for the love of cheese, never make your password "password" again.

JR Raphael is a PCWorld contributing editor and the co-founder of geek-humor site eSarcasm. You can find him on both Facebook and Twitter.

Subscribe to the Security Watch Newsletter

Comments