RockYou hack shows '123456' remains a top password
A new report showing the top 10 hacked passwords during the RockYou.com cyber attack last year has highlighted the need for stronger passwords.


A list of most popular passwords has been released today as a result of the RockYou.com hack last year.
Data Security company Imperva analysed the 32 million passwords exposed due to the data breach on the social application site in 2009, showing the top ten which it says should be avoided when using social networking or e-commerce sites.
"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second or 1000 accounts every 17 minutes," said Imperva's chief technology officer (CTO) Amichai Shulman, in a statement.
Top of the list was 123456,' followed in second by 12345' and third by 123456789.' The seemingly obvious passwords continued with Password' coming in fourth place and iloveyou' in fifth.
The key point of the report is to make sure passwords avoid being short and simple, to make them as strong as possible.
There are also risks for businesses if users don't up their security game.
"Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like 123456'," added Shulman.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"The problem has changed very little over the past 20 years. It's time for everyone to take password security seriously; it's an important first step in data security."
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.
-
HSBC says get back to the office or risk bonuses – and history shows it’s a tactic that might backfire
News HSBC is the latest in a string of financial services firms hoping to tempt workers back to the office.
-
Python’s popularity shows no signs of fading – here’s why software developers love it
News Python remains highly popular among developers for a number of key reasons, experts told ITPro.
-
I love magic links – why aren’t more services using them?
Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential security
News Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrency
News The hackers behind the LastPass breach are on a rampage two years after their initial attack
-
GitHub launches passkeys beta for passwordless authentication
News Users can now opt-in to using passkeys, replacing their password and 2FA method
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectors
News Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
-
No, Microsoft SharePoint isn’t cracking users’ passwords
News The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacks
News The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?
News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?