Gawker hack exposes ridiculous password habits

Wondering what kinds of passwords people use across the Web? This week's massive Gawker hack is giving us a glimpse.

Whew! Is it just me, or is it getting tough to keep track of all the info spilled via this week's massive Gawker hack?

The please-don't-call-it-Gawkergate Gawker hacking story sprang up over the weekend, when a group known as "Gnosis" apparently made its way into the servers of Gawker Media. Gawker Media, if you aren't aware, is a publication group that runs gossip blog Gawker (no big surprise there) along with a slew of other websites like Lifehacker, Gizmodo, and Jezebel.

Long story short, the hackers danced away with boatloads of secrets, including the e-mail addresses and passwords of more than a million Gawker users (and some Gawker staff members, too). Now, we're getting a glimpse at just how absurdly poor some of those passwords were.

Gawker Hack: The Password List

The data-diving crew from The Wall Street Journal analyzed some of the hacked Gawker data in order to find trends in people's password selections. They looked at a sample of 188,279 passwords that was decrypted and made public.

Among the most common passwords they found in the list:

• "123456." This was actually the most popular password of all. As far as I can tell, this indicates one of two things: (a) Lots of people are careless about security; (b) Lots of Gawker accounts belong to Elmo.

• "password." The second most popular password in the list. Evidently, some folks interpret the "Password" prompt as a CAPTCHA field.

• "lifehack." Did someone order an extra-large helping of irony?

• "qwerty." When in doubt, just run your fingers across the keyboard.

• "monkey." One of the more curious items in Gawker's password database. I blame Peter Gabriel.

• "letmein." When you think about it, it really is quite impressive: After all these years, this computing classic is still in style.

• "trustno1." Right. Especially people who use passwords like "trustno1."

• "passw0rd." Oh, do you see what they did there? It's like "password," but not. Good one.

• "cheese." Mmm...cheese. What were we talking about, again?

Ah, yes -- passwords. Perhaps the most surprising twist in all of this is that Gawker's staff didn't do much better. According to Forbes, 15 Gawker staffers had passwords consisting of common words (or "slight variations thereof"). One staff member reportedly used his own name followed by the number "1."

If you aren't sure why any of these scenarios are troubling, please smack yourself in the face (gently -- we don't need any lawsuits here). Then go read up on basic password hygiene, or just grab a utility like LastPass, named one of PCWorld's "Best Products of 2009." It'll generate complex passwords for you and store them securely in the cloud.

Curious if you're among the registered Gawker users whose info has been exposed, by the way? has created a handy tool to search the database for your username or e-mail address. If you find yourself listed, check out these tips for some suggestions on what to do next.

And for the love of cheese, never make your password "password" again.

JR Raphael is a PCWorld contributing editor and the co-founder of geek-humor site eSarcasm. You can find him on both Facebook and Twitter.
