The Fraud Examiner

Data Breach Highlights People’s Predilection for Weak Passwords

December 2013 

By Mark Scott, J.D., CFE 


The recent news that the passwords and login credentials for approximately two million online accounts were stolen and posted online serves as a reminder of the importance of password security. The stolen credentials were for all kinds of user accounts, including those on Facebook, Google, LinkedIn, Twitter, Yahoo and ADP payroll services.


The account credentials were harvested by a botnet, according to researchers at security firm Trustwave, who discovered the data while investigating the server that cyber criminals use to control the “Pony” botnet. A botnet is a network of Internet-connected computers that have been infected with malware that puts them under the command and control of a remote operator who uses the infected devices to carry out criminal activities.


Analysis of the Stolen Passwords  

The Trustwave researchers analyzed the compromised passwords to learn about the password habits of Internet users, and the analysis, like similar studies, demonstrated that many Internet users have poor password practices. In particular, the analysis revealed that many Internet users employ simple, predictable passwords, with the most common being “123456.” About half of the passwords contained only one character type, and many were derived from common keyboard patterns and swipes (e.g., 1234 and qwerty).
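The same kinds of measurements (most common password, single-character-type passwords, keyboard patterns) can be run by a defender over a password list gathered during an authorized audit. The following is an added example, not Trustwave's code or method; the sample list, the keyboard layouts and the four-key run length are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample for illustration; not data from the breach described above.
SAMPLE = ["123456", "qwerty", "password", "Tr0ub4dor&3",
          "1qaz2wsx", "letmein", "123456", "Summer2013"]

# Assumed US QWERTY layout: horizontal rows and the left-hand diagonal columns.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]


def char_classes(pw):
    """Return the set of character types (lower, upper, digit, symbol) used."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def is_keyboard_pattern(pw, min_run=4):
    """True if pw contains min_run adjacent keys along a row or column,
    typed in either direction (e.g. 1234, qwer, 1qaz, 4321)."""
    low = pw.lower()
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def audit(passwords):
    """Summarize a password list along the dimensions reported in the analysis."""
    return {
        "total": len(passwords),
        "single_class": sum(1 for p in passwords if len(char_classes(p)) == 1),
        "keyboard_pattern": sum(1 for p in passwords if is_keyboard_pattern(p)),
        "most_common": Counter(passwords).most_common(1)[0],
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```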
