Adobe hack update: Not 3 million. Not 38 million. 130 million accounts.
You remember that story about Adobe getting a security breach that resulted in 3 million accounts being compromised? Well, it is actually 130 million accounts. And, if that wasn't bad enough, it appears that someone has published a Top 100 Adobe Passwords hit list. 123456 is the winner. Yes, 123456. No, we are sure. 123456 is the most used password in Adobe accounts that were recently hacked.
We do not (yet) have the keys Adobe used to encrypt the passwords of 130,324,429 users affected by their most recent breach. However, thanks to Adobe's selection of ECB mode and using the same key for every password, combined with a number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint, this is not preventing us from presenting you with this list of the top 100 passwords selected by Adobe users.While we are fairly confident in the accuracy of this list, we have no way to actually verify it right now. We don't have the keys, and Adobe is not letting any of the affected accounts log in until the owners reset their passwords. So, it is possible there is an error or two in here. Caveat emptor and such.
1.9 million people chose 123456 as their password of choice. I know, we keep repeating ourselves, but we are having a hard time digesting this stuff.
Realistically, we are all dumb enough to use throwaway passwords like, well, 123456, for things that don't matter. The password is tied to your email and often to our specific desktop or device. The real problem is if we are using the same dumb password, 123456 for example, for our email, our bank account etc. etc.
We can laugh at the idiocy of the people who use simple passwords, but maybe we should focus on the fact that most people can't and don't want to have tens of passwords to remember. So, given the choice, they are going to opt for something easy. Like 123456.
Adobe, on the other hand, doesn't get off so lightly. They are responsible for losing 130 million accounts to hackers. That's pretty damning.