Just when everyone likes to point the finger at Russian hacker groups for some of the recent major-scale data breaches, the tables have turned. According to research by Leaked Source, Rambler.ru (kind of like the Russian equivalent of Yahoo) was breached and around 98 million users’ email and password combinations were exposed online.
Data breaches are kind of becoming old news, aren’t they? Just do a search for “latest data breach” and you’ll come up with dozens of entries just from that month’s activity alone. It’s actually such a serious problem that organizations like the Identity Theft Resource Center are warning the public about “data breach fatigue,” which happens when victims of a known breach fail to take the incident seriously.
But there’s something even more telling about the information from Leaked Source, and that’s the list of top password combinations that users rely on to protect their information and their accounts. Weak passwords and re-used passwords seem to be a global phenomenon, and it’s mind-boggling that today’s tech user hasn’t been made aware of the danger. The more likely culprit goes back to “it won’t happen to me” syndrome, or even the previously mentioned data breach fatigue: if there’s nothing I can do to prevent breaches and hacking, why bother with the nuisance of a strong password or a password manager?
According to their data, more than 700,000 Rambler users relied on “asdasd” as their password (awfully close to a famous social media founder’s use of “dadada,” isn’t it?), while more than 400,000 people got a little bit more secure with “asdasd123.” Because everyone knows adding 123 to something is like locking it up in Ft. Knox? The close third-place choice was the ever-popular “123456,” followed by people who didn’t want to bother with the trouble of sequential numbers and just went with “000000.”
It’s possible that part of the issue is in how account breaches occur, or more specifically, how users think breaches occur. Hackers don’t employ tech-sweatshops full of laborers to sit at computers and guess your account password. There are bots that can handle that for them nicely, and do it with lightning speed. That’s why experts have long recommended (and apparently still need to get the word out about) using a strong, unique password with between eight and twelve characters, containing a combination of uppercase, lowercase, numeric, and symbol characters.