
22 Dec 2017

This Week in Getting Hacked: The Best and Worst Passwords of 2017 Edition

Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and what you should treat with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!

On to the links…


The password manager on Windows 10 is a fantastic way to steal your password

Sigh. A program called Keeper, which is installed by default, can apparently allow any website to steal any password. Great. Tavis Ormandy, a Google researcher, said this about the bug:

[Image: password-stealing bug in Windows Keeper]

Allegedly, the developers of Keeper have issued a patch to fix this problem, which is good, but still. How does this happen?


The sensational headline will be to tell you that every single household in the United States has been exposed to a hack due to a massive leak. But in reality, it’s probably only 123 million Americans across billions of data points. So, nothing to worry about.

According to Infosecurity Magazine, this hack is comparable to the Equifax incident of earlier this year only because it affects nearly every household.

This time it’s (another) cloud storage “misconfiguration” which has exposed personally identifiable information (PII).

UpGuard Cyber Risk uncovered a data repository containing data from Alteryx, which is a cloud-based data analytics firm. Alteryx is a partner of Experian, a consumer credit reporting agency (read: Equifax’s competitor). Oh geez. Credit companies need to get it together. For more information, please watch the following video from CNET:


Too many people are still using “Password” as their password in 2017. So basically, nothing’s really changed. Somehow “SplashData” scraped a bunch of passwords (that won’t come back to bite them anytime soon).

Over five million passwords were used in the survey, and SplashData estimates that 10 percent of people (mostly in North America and Western Europe, not surprisingly) are using at least one of the 25 worst passwords, with 3 percent using the worst password.

Here’s the complete list:

  1. 123456
  2. Password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1

My favorite is just “whatever,” with trustno1 also cracking me up. I have to change my passw0rd from “dragon,” to something a little harder to guess, and I suggest you do the same.
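If you run a signup or password-change form, the list above is a ready-made denylist. The following is an added example, not part of the original post: it rejects a candidate that reduces to one of the 25 entries after lowercasing, dropping trailing digits and punctuation, and undoing a few character substitutions. The function names and the substitution table are assumptions chosen for illustration.

```python
import re

# The 25 entries from the list above, in rank order, lowercased.
WORST_2017 = (
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
)
EXACT = set(WORST_2017)

# Assumed character substitutions (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def deleet(s):
    return s.translate(LEET)

# Map each de-substituted list entry back to the entry itself.
# Built in reverse so the higher-ranked entry wins a collision
# ("password" and "passw0rd" both reduce to "password").
FOLDED = {deleet(w): w for w in reversed(WORST_2017)}

def match_worst(candidate):
    """Return the list entry the candidate reduces to, or None."""
    s = candidate.lower()
    variants = (
        s,
        re.sub(r"[^a-z0-9]+$", "", s),  # drop trailing punctuation
        re.sub(r"[^a-z]+$", "", s),     # drop trailing digits too
    )
    for v in variants:                  # plain match first
        if v in EXACT:
            return v
    for v in variants:                  # then undo substitutions
        hit = FOLDED.get(deleet(v))
        if hit:
            return hit
    return None

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Passw0rd!", "P@ssword123", "DRAGON2017", "Tru$tNo1!",
               "correct horse battery staple"):
        print(f"{pw!r:32} -> {match_worst(pw)}")
```

The match is on the whole string, so a long passphrase that merely contains "monkey" or "hello" is not rejected.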

That’s it for this week. Stay safe out there and remember to change your password!
