Millions used '123456' as a password in breach affecting 42 million


Nearly 42 million names, email addresses and passwords belonging to clients of dating website company Cupid Media were reportedly discovered on the same server where hackers stored information stolen from Adobe, PR Newswire, LexisNexis and the National White Collar Crime Center (NW3C).

The credentials were stored in plaintext and nearly two million of the accounts used '123456' as a password, according to technology journalist Brian Krebs, who, along with Alex Holden, CISO at Hold Security, has been uncovering the details of these breaches. More than 1.2 million clients used '111111' as a password and nearly 575,000 used '123456789'.

Security firm Stricture Consulting Group revealed this month that '123456' was the password used by about two million of the roughly 38 million Adobe customers impacted in a breach disclosed in October. That incident involved the loss of credit card data and product source code, as well.

“It has become exceedingly clear over the last several years that password reuse is one of the most significant threats to average internet users,” Patrick Thomas, a security consultant at mobile and cloud security company Neohapsis, told SCMagazine.com in a Wednesday email.

Krebs said he heard from Andrew Bolton, managing director with Cupid Media, and Bolton told him that the number of impacted members who are active is less than 42 million. Bolton told Krebs that accounts had been compromised in a January breach, but Krebs said he could not find information on that incident.

“Organizations should secure the data itself through automated encryption, as well as control administrator access to systems containing sensitive data by implementing fine-grained access controls and role-based security,” Eric Chiu, president of cloud infrastructure control company HyTrust, told SCMagazine.com in a Wednesday email.

Krebs said Bolton told him that Cupid Media will be improving security and taking other measures to prevent a similar incident from occurring, including implementation of hashed and salted passwords.
