
Millions of stolen Last.fm passwords have been decrypted. These are the top 50 - brakmic
http://qz.com/772977/millions-of-stolen-last-fm-passwords-have-been-decrypted-these-are-the-top-50/
======
tomp
I wonder how much passwords like "lastfm", "music" and "abcdefg123" are an
indication of people just being bad with security, as opposed to people just
not giving a damn... Amid the overflow of trivial sites requiring more and
more login details, is there really a value in having strong passwords?
Personally, I mostly don't care; I have strong passwords for important sites
(banks, online stores that have my credit card details), but for the rest of
logins, I use pretty trivial passwords - if someone "steals" my account, I'll
just create another one!

~~~
paulddraper
But what if they post snarky comments as you on HN?

~~~
totony
That would be disastrous.

~~~
SNvD7vEJ
na, no problem. 'tomp2' is still available

------
connoredel
I feel like this is misleading without the % share of the total. These top 50
represent 2.7% of the total. OK, that sounds bad, but I'm not really sure how
to interpret it.

Even if we get better at this, the top passwords will still be these, they'll
just be lower as a % of the total. So until we have 100% unique passwords,
this story will always be there, which just seems lazy.

------
ancarda
If you follow the link in the article to leakedsource.com, it says:

    Passwords were stored using unsalted MD5 hashing.

It's 2016... why is this still happening?

~~~
LeoPanthera
Presumably because last.fm was created in 2002 and they never changed it.
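
An added example, not part of the thread and not Last.fm's code: it contrasts the unsalted MD5 storage quoted above with a per-user salted scrypt record, and shows one way a long-lived site could move accounts off the old scheme at login. The account names, function names and scrypt parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the leak); two users share a password.
USERS = {"alice": "lastfm", "bob": "lastfm", "carol": "x7#Lq9!vTz"}

def md5_unsalted(password):
    """Legacy scheme named in the thread: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    """Hardened scheme: per-user random salt plus a memory-hard KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def scrypt_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(scrypt_record(password, salt)[1], expected)

def shared_digests(stored):
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(stored).values() if n > 1)

def upgrade_on_login(user, password, legacy_db, new_db):
    """Migrate one account from MD5 to scrypt the first time it logs in."""
    if user in new_db:
        return scrypt_verify(password, new_db[user])
    legacy = legacy_db.get(user)
    if legacy is None or not hmac.compare_digest(md5_unsalted(password), legacy):
        return False
    new_db[user] = scrypt_record(password)
    del legacy_db[user]  # the MD5 value must not stay on disk
    return True

if __name__ == "__main__":
    legacy_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    salted = {u: scrypt_record(p) for u, p in USERS.items()}
    # Unsalted: equal passwords give equal stored values, so reuse is visible.
    print("shared MD5 values:", shared_digests(legacy_db.values()))
    print("shared scrypt values:", shared_digests(d for _, d in salted.values()))
```

Accounts that never log in again keep their MD5 value under this scheme, so a real migration also needs a plan for dormant accounts, such as a forced reset.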

------
onethumb
This has been my go-to for passwords for a while. Top 100, 500, 1000, etc., all
the way to millions.
https://github.com/danielmiessler/SecLists/tree/master/Passwords

------
thenewwazoo
I do hobby research into password guessing entropy and I'd love to get ahold
of these lists of in-the-wild passwords. Is there any good source for such
things? I don't need usernames, just "real" passwords (with frequency data if
I can get it).

~~~
LeoPanthera
http://academictorrents.com/details/fd62cc1d79f595cbe1de6356fb13c2165994e469

~~~
thenewwazoo
Whoa! This is a great link and thank you but thank you even more for making me
aware of academictorrents.com.

I may never see the sunlight again.

