

Barely 3000 people used '123456' as their Gawker password - albertsun
http://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/

======
Xk
> A plurality of Gawker Media passwords are six characters long

A plurality of _brute forced_ Gawker Media passwords are six characters long.
Maybe this statistic is valid for all 1.5 million passwords, but that's quite
a lot of extrapolation. Taking the easiest 10% of passwords to brute force and
basing the data off that?

They mention this fact on the paragraph prior, and then seem to forget about
it: "In both cases, the datasets only include passwords that could be decoded
and aren’t necessarily representive [sic] of all users."

------
Qz
I'm not sure this even matters. Gawker accounts are for commenting on inane
media stories. If people used the same password for their email, that's one
thing, but I wouldn't be surprised if most had a harder password for their
email, and resorted to 123456 etc. for less important accounts.

~~~
radicaldreamer
According to this study
([http://www.pcworld.idg.com.au/article/355776/study_reveals_p...](http://www.pcworld.idg.com.au/article/355776/study_reveals_password_re-use_rampant/)),
the common user reuses passwords everywhere.

The 3000 who used 123456 might be outliers. The real danger of this leak is in
those who didn't think of Gawker as being a less important account and
therefore undeserving of their primary password.

------
rick888
I got two emails today claiming to be from gawker, telling me to change my
password.

Both were phishing emails that pointed to a domain in China and another in
India. These guys move fast.

~~~
ra
I got a seemingly genuine email from Gawker entitled, "Gawker Comment Accounts
Compromised -- Important"

Although I don't believe my email address was in the dump.

~~~
mattmillr
I got that as well. I'm certain my email isn't in the dump (downloaded the
torrent to double- and triple-check).

I thought it was strange they used a URL shortener with an uncommon TLD (.kr)
to point to the FAQ lifehacker. Seems you'd want to be as unsuspicious as
possible in this situation.

~~~
ra
Actually I just realised that while my email wasn't in the dump, my username
was.

I didn't find it myself with grep, but I did find it using this utility:
<http://news.ycombinator.com/item?id=1999373>

------
riffic
I've got the same combination on my luggage

------
Tichy
My favorite is always the people who go the extra length and use '12345678'.

Also, why are Jennifer and Michelle the first female names on the list? Are
they just the most common names for women?

And is there a story to "monkey"?

~~~
wgj
> And why, oh why, is “monkey” in the top 10?

I think 'monkey' has always been a top ten password, not just for Gawker
users, but I have no idea why.

<http://modernl.com/article/top-10-most-common-passwords> (2006)

------
alanh
Why is the title here on HN “Barely”? Because it’s less than 1%?

~~~
xenophanes
It's not less than 1%. Look at the chart. 3k out of 188k.

~~~
Xk
No, that would be 3k of 1.5 million. They would have tried the password
'123456' on all of the accounts.

EDIT: I just looked at the dataset and about half of them list NULL as the
password. ~3000/748,495 = ~.4%

------
jsz0
My favorite throwaway password is 'nopassword'

------
BluePoints
I'm curious how many were 'jesus', 'bible' and/or some other obvious one.

