Following the news Adobe’s network was breached by hackers who gained access to customers databases, including the details of around 3 million users, a security expert has unveiled the most widely used passwords that were used for accounts.
Unsurprisingly, you don’t even need to be a hacker to work out some of them, with ‘123456’ coming in as the most used, followed by ‘123456789’, ‘password’, and even ‘qwerty’ getting in there.
Jeremi Gosney, who trawled through the database of password cipher text in just three hours, said that: "The password hints were the most telling. An overwhelming number of people took the concept of a password hint too literally, and flat-out provided the password itself as the hint.
"By analysing thousands of password hints per ciphertext, and matching that information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. It took about three hours to determine what the top 100 passwords were with this method."
Security expert Graham Cluely said that: "The truth is that, in a screw-up of colossal proportions, Adobe didn’t protect the password data with a one-way cryptographic hashing algorithm.
"Instead, Adobe encrypted its password data with Triple DES (3DES) in ECB mode – an incredibly poor choice because it always produces the same output if you feed it the same input.
"In short, if you happened to choose the same password as someone else, Adobe will have been storing the byte-for-byte same encrypted ciphertext version of the password for each user.
"Furthermore, the leaked database included users’ plaintext password hints, helping to reveal what the most commonly used passwords were."
