Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Imperva releases detailed analysis of 32 million breached consumer passwords

  • 21 January, 2010 17:40

<p>SYDNEY, 22 January, 2010—Imperva, the leader in data security, announced today the release of study analysing 32 million passwords recently exposed in the breach. It highlights consumer susceptibility to cyber attack.</p>
<p>Imperva’s Application Defense Center (ADC) assessed the strength of the passwords before issuing a report, ‘Consumer Password Worst Practices’, which helps consumers and website administrators to identify the most commonly used passwords and cautions people to avoid these when using social networking or e-commerce sites.</p>
<p>The report can be downloaded at: (registration not required).</p>
<p>The most commonly used passwords identified are:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123</p>
<p>“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks. With only minimal effort, a hacker can gain access to one new account every second—or 1,000 accounts every 17 minutes,” said Imperva’s CTO Amichai Shulman.</p>
<p>“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”</p>
<p>Key findings of the study include:
• The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”
• Nearly 50 per cent of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is ‘123456’.
• Recommendations for users and administrators for choosing strong passwords.</p>
<p>For enterprises, password insecurity can have serious consequences. “Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” said Shulman.</p>
<p>“The problem has changed very little over the past 20 years”, he added, referring to a 1990 Unix study that showed a password selection pattern similar to what consumers select today. “It’s time for everyone to take password security seriously - it’s an important first step in data security.”</p>
<p>Imperva will host a webinar detailing the study’s findings. To register, please sign up here:;t=a&amp;SourceID=004</p>
<p>About Imperva
Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit</p>
<p>Media queries
Grenadine Lau
Phone: +65.6749 4482
Mobile: +65.9666 1886
<p>David Frost
PR Deadlines Pty Ltd, for Imperva
Phone: +61.2.4341 5021
Mobile: +61 (0) 408 408 210

Most Popular

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Media Release

More media release

Market Place