123456: Millions of Adobe hack victims used horrible passwords

Millions of people use utterly atrocious passwords.

The hacking of Adobe that compromised tens of millions of accounts is no joke, but at least we can enjoy a little dark humor over users' predictably awful passwords.

The passwords were posted by Jeremi Gosney of Scricture Group, and reported by The Register.

Gosney noted that the list can't be verified in the absence of Adobe's encryption keys. But he said that with Adobe "choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint," he's fairly confident in the list.

Here are the 20 most common passwords, followed by the number of Adobe users who used that password:

  • 1. 123456 - 1,911,938
  • 2. 123456789 - 446,162
  • 3. password - 345,834
  • 4. adobe123 - 211,659
  • 5. 12345678 - 201,580
  • 6. qwerty - 130,832
  • 7. 1234567 - 124,253
  • 8. 111111 - 113,884
  • 9. photoshop - 83,411
  • 10. 123123 - 82,694
  • 11. 1234567890 - 76,910
  • 12. 000000 - 76,186
  • 13. abc123 - 70,791
  • 14. 1234 - 61,453
  • 15. adobe1 - 56,744
  • 16. macromedia - 54,651
  • 17. azerty - 48,850
  • 18. iloveyou - 47,142
  • 19. aaaaaa - 44,281
  • 20. 654321 - 43,670

Of course, "123456" and "password" are at the top of the list, as they so often are. And whoever used "macromedia"--a throwback to the origins of Flash and Dreamweaver--probably thought they were being pretty clever.

If you're scratching your head over the apparent stupidity of the Adobe-using public, take comfort in the fact that the top 20 passwords only account for roughly 3 percent of the 130,324,429 Adobe user accounts Gosney was able to obtain. The vast majority of people are using passwords that are at least somewhat unique.

Adobe confirmed the security breach on October 3, revealing that hackers stole 2.9 million encrypted credit card numbers and expiration dates. A few weeks later, Krebs on Security reported that hackers stole login information for at least 38 million active users, and possibly more than 150 million total accounts (including inactive IDs and test accounts).

Hackers also made off with some of Adobe's source code for programs including Photoshop. Security experts have warned that the theft could reveal Adobe's vulnerabilities and security schemes, leading to a new generation of malware, viruses and exploits. Laugh it up while you can.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags hackersadobepasswordsAdobe Systems

More about Adobe SystemsMacromedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

More videos

Blog Posts