Ever since I had my data hacked by Anonymous during the Stratfor hack (and updated my credit card… and subsequently some of my auto-payments at which point I sighed because I figured it was only a matter of time before I had to do it again), I’ve been reading articles about it.
One of the takeaways, according to this article on Security News Daily entitled “Stratfor Hack Shows Even Experts Use Bad Passwords,” was that people used bad passwords. This isn’t news; hackers expose data all the time, and we see time and again that people use really easy-to-guess passwords. From the article:
Stratfor clients used easy-to-guess passwords such as "123456," "11111111," and "123123." Other terribly insecure passwords: "111222333444," "12345678901," "administration," "123456789abc," "12345stratfor," "hello123," "lawenforcement" and "intelligence."
A batch of weak passwords played off the word itself, including "password1234," "password101," "password123," "password122" and "Password999." In just under five hours, Hashcat was able to crack 81,883 of the 860,160 leaked passwords.
"In the time it took to watch a movie, Hashcat smashed more than 80,000 passwords
Well, that’s pretty awful, now isn’t it? A bunch of weak, numeric-only passwords? Who would do such a thing!
You really have to wonder by what logic the article calls Stratfor subscribers “experts”? Anyone can sign up for Stratfor and read its delightfully entertaining articles. All you do is go to the site, create a username and password, and then go enter in your credit card information. Easy.
You don’t have to be an expert to do that; you just need to be interested in foreign policy. All this security breach told us (or rather, the point I am making in this post) is that people use insecure passwords.
But we don’t know that they use the same insecure password everywhere. One of these days somebody is going to have to do an analysis of that.
That’d be an article worth writing.