23.2 Million Hack Victims Used '123456" As Their Password

A shocking number of people who have been hacked used mind-numbingly simple passwords, according to a breach analysis conducted on behalf of the UK's National Cyber Security Centre (NCSC). 

According to data obtained from the website "Haver I Been Pwned," more than 23 million people who were hacked used the password '123456,' followed by '123456789' (7.7 million) and 'qwerty' (3.8 million). 

Top 10 most-frequently used passwords by hack victims: 

  • 123456 
  • 123456789
  • qwerty
  • password
  • 111111
  • 12345678
  • abc123
  • 1234567
  • password1
  • 12345

Separate of the release, the NCSC conducted its first "UK Cyber Survey" ahead of their CYBERUK 2019 conference in Glasgow this week, which found among other things; 

  • Only 15% say they know a great deal about how to protect themselves from harmful activity
  • The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021
  • 89% use the internet to make online purchases – with 39% on a weekly basis 
  • One in three rely to some extent on friends and family for help on cyber security
  • Young people more likely to be privacy conscious and careful of what details they share online
  • 61% of internet users check social media daily, but 21% report they never look at social media
  • 70% always use PINs and passwords for smart phones and tablets
  • Less than half do not always use a strong, separate password for their main email account

"We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable," said NCSC technical director Dr. Ian Levy." 

Password re-use is a major risk that can be avoided - nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.

Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password. -Dr. Ian Levy

"Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work," said David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office. 

"This is a message we look forward to building on at CYBERUK 2019, an event that reaffirms our commitment to make Britain both the safest place in the world to be online and the best place to run a digital business." 

Read the cyber survey below: