If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Consumerist)   Stupid: Hack of dating site reveals 42 million plaintext passwords. Fail: 1.2 million were 111111. Double Fail: 1.9 million were "123456"   (consumerist.com) divider line 71
    More: Fail, clear messages, dating site, PR Newswire, passwords, Brian Krebs  
•       •       •

2641 clicks; posted to Geek » on 20 Nov 2013 at 3:12 PM (49 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



71 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2013-11-20 02:51:05 PM  
img.fark.net
 
2013-11-20 02:58:48 PM  
Nearly shiat my pants there when I saw the word "Cupid".

Had to double check to ensure that "ok" wasn't in front of it
 
2013-11-20 03:13:51 PM  

Ennuipoet: [img.fark.net image 533x356]


So wanted to be the one to say that... :)
 
2013-11-20 03:15:24 PM  

Ennuipoet: [img.fark.net image 533x356]


And done
 
2013-11-20 03:18:07 PM  
I wouldn't be surprised if some of the passwords were weak throwaways that are only used on sites they don't trust.

/my fark password is (relatively) weak
 
2013-11-20 03:18:28 PM  
Ric Romero here:  Its a well known fact that these sites create dummy accounts by the thousands to drum up the numbers and its very likely that 1.2 million were this site's own inventory of them.
 
2013-11-20 03:19:23 PM  

satanorsanta: I wouldn't be surprised if some of the passwords were weak throwaways that are only used on sites they don't trust.

/my fark password is (relatively) weak


Mine's G00dicecream7
 
2013-11-20 03:21:47 PM  

Ennuipoet: [img.fark.net image 533x356]


And we are done.
 
2013-11-20 03:22:05 PM  
I'd like to think humans really aren't as stupid to common sense as facts and statistics like to point out and articles like this don't help.. WTF are people thinking?
 
2013-11-20 03:22:28 PM  

maxheck: Ennuipoet: [img.fark.net image 533x356]

So wanted to be the one to say that... :)


You know I lurk on the Greelit page all day just waiting for these chances right :)  That is what TotalFark is all about!
 
2013-11-20 03:24:10 PM  
This is why pastors move a lot of prayer cloths, you know. There's a lot of dependably herd-like individuals on Earth.
 
2013-11-20 03:28:48 PM  

satanorsanta: I wouldn't be surprised if some of the passwords were weak throwaways that are only used on sites they don't trust.

/my fark password is (relatively) weak


Some, perhaps, but given that from 1960 to 1977 the secret 8 digit US Nuclear Launch code was "00000000", I doubt that most are.
 
2013-11-20 03:29:06 PM  
I hope those who are not too bright will not find a match to breed with.  The Internet is weeding the dumb ones out of the gene pool.
 
2013-11-20 03:30:07 PM  

BumpInTheNight: Ric Romero here:  Its a well known fact that these sites create dummy accounts by the thousands to drum up the numbers and its very likely that 1.2 million were this site's own inventory of them.


Thanks.. that makes the fact that I can't get any dates even more depressing.
 
2013-11-20 03:30:41 PM  
Mine is ICU812, is that bad?
 
2013-11-20 03:32:10 PM  
I was playing League of Legends with a friend of mine a while back, and two guys on our team were discussing the Champion skin one of them had just gotten (cosmetic piece that costs real money in a free game).

Now, I had deduced the two were young lads that didn't have the means to provide a credit card to purchase the item. They brought up some site that I looked up later, which was some sort of site that gave you "points" for willingly signing yourself up for a heapful of spam, spyware, and taking surveys. You then use the points to redeem for money I guess, which they decide to use on this game.

Basically he revealed that one thing that gave him "a lot of points" was to sign up for free accounts on Dating sites. Guessing by how many people play League of Legends (a lot), and how many of them are kids (I'm guessing a lot), it's not too far-fetched to speculate that a lot of the accounts with crummy passwords were made by kids trying to get points.

 Plus what BumpInTheRomero pointed out above.
 
2013-11-20 03:32:17 PM  
CSB, I met my fiancee on one of those Cupid sites.
 
2013-11-20 03:35:25 PM  

Obbi: Guessing by how many people play League of Legends (a lot), and how many of them are kids (I'm guessing a lot), it's not too far-fetched to speculate that a lot of the accounts with crummy passwords were made by kids trying to get points.


Good point. I've encountered these kind of marketing for points promotions in a lot of casual apps with stupid IAP.
 
2013-11-20 03:38:32 PM  

satanorsanta: I wouldn't be surprised if some of the passwords were weak throwaways that are only used on sites they don't trust.

/my fark password is (relatively) weak


Yeah, I have a bunch of easy to remember throw-away passwords

One of my Nickserv passwords is 12345678. It would have been 123456, but they wanted 8 characters.

I mean, its friggin IRC; no one is even gonna have the idea of testing passwords on IRC pop in there head.
 
2013-11-20 03:45:48 PM  

satanorsanta: I wouldn't be surprised if some of the passwords were weak throwaways that are only used on sites they don't trust.

/my fark password is (relatively) weak


Yah but even the unimportan stuff you should at least have both letters and numbers. Mixed case and special symbols on the really important stuff.
 
2013-11-20 03:48:17 PM  
hunter2
 
2013-11-20 03:49:36 PM  
IncorrectCamelCapacitorPaperclip

/you've already memorized it
 
2013-11-20 03:52:25 PM  
It blows me away how stupid people are. I mean, using 111111 or 123456 as a password? What dumb-a$$es.

/That's why I use password1
 
2013-11-20 03:54:25 PM  
use a different password for every website sounds like sage advice until even the stupidest websites in the world start wanting you to sign up and log in.  I don't give enough shiats to think of the over a hundred passwords for different sites many of which I will never log in to more than once.  This, 'sign up for access' shiat has got to go.
 
2013-11-20 03:59:41 PM  
But how many were of real members?
 
2013-11-20 04:00:28 PM  
People are more than welcome to be dumb. It's like being the faster of the two hunters being chased by an angry bear. You only have to outrun the other guy.
 
2013-11-20 04:01:04 PM  

Egoy3k: This, 'sign up for access' shiat has got to go.


My kid is having a party at school and the 'classroom moms' sent an email to parents to volunteer to send in things, water, treats, etc.

I have to sign up for "eventbrite" to acknowledge we would be there and then sign up for "Sign Up Genius" to pick what I would be volunteering to bring!!

Seriously!  2 websites I had to sign up for just to say "Yeah, I'll send in a case of water and some chips!"
 
2013-11-20 04:02:15 PM  
People with bad passwords are either....
1.)  Stupid people who don't understand basic security
2.)  People who don't care about access to a particular site
 
2013-11-20 04:02:28 PM  
Why is that stupid?  Would you have preferred it if those people had used the same password on a shady dating site as their bank accounts?
"Oh no! Somebody's going to pretend to be me and sign up for dates with fat chicks!"
 
2013-11-20 04:03:57 PM  

cman: Nearly shiat my pants there when I saw the word "Cupid".

Had to double check to ensure that "ok" wasn't in front of it


This!  My PW is pretty secure...but ya never know.
 
2013-11-20 04:06:01 PM  

Ambivalence: Yah but even the unimportan stuff you should at least have both letters and numbers. Mixed case and special symbols on the really important stuff.


MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento
 
2013-11-20 04:06:31 PM  

Spasticus Autisticus: It blows me away how stupid people are. I mean, using 111111 or 123456 as a password? What dumb-a$$es.

/That's why I use password1


you should try guest. No one ever thinks of that one.
 
2013-11-20 04:16:36 PM  
The people typing in 123456 as a password on a meaningless rooty poot dating site aren't really the stupid people.  The stupid people are the ones using the same "secure" password and username on a meaningless rooty poot  dating site that they're using for their really important financial accounts.
 
2013-11-20 04:18:25 PM  

Uchiha_Cycliste: Spasticus Autisticus: It blows me away how stupid people are. I mean, using 111111 or 123456 as a password? What dumb-a$$es.

/That's why I use password1

you should try guest. No one ever thinks of that one.


Do you happen to work for ISIS?
paragraphfilms.files.wordpress.com
 
2013-11-20 04:21:53 PM  
As long as they continue putting asterisks on your SSN when entered, I feel safe.

***-**-****

Still works!
 
2013-11-20 04:24:14 PM  

cman: Nearly shiat my pants there when I saw the word "Cupid".

Had to double check to ensure that "ok" wasn't in front of it


I checked several sites to make sure, too. Nothing like a common password to really mess things up.
 
2013-11-20 04:24:41 PM  

Caffienatedjedi: Uchiha_Cycliste: Spasticus Autisticus: It blows me away how stupid people are. I mean, using 111111 or 123456 as a password? What dumb-a$$es.

/That's why I use password1

you should try guest. No one ever thinks of that one.

Do you happen to work for ISIS?
[paragraphfilms.files.wordpress.com image 400x168]


No, I'm not an idio... *god damnit*
 
2013-11-20 04:27:10 PM  
I have an almost as lame password I use for sites that I don't really care if anyone got access to my account (no CC info or anything I care they got into to change), which a dating site (if I'm just using the free version) would probably fall under.
 
2013-11-20 04:27:43 PM  

elchupacabra: As long as they continue putting asterisks on your SSN when entered, I feel safe.

***-**-****

Still works!


lulz
 
ZAZ [TotalFark]
2013-11-20 04:28:00 PM  
Like I said in the last password thread, FTC and/or attorneys general should obliterate any company caught storing plaintext passwords. Techniques to avoid doing so and the reason to avoid doing so have been known for 40 years.
 
2013-11-20 04:33:59 PM  

Uchiha_Cycliste: Caffienatedjedi: Uchiha_Cycliste: Spasticus Autisticus: It blows me away how stupid people are. I mean, using 111111 or 123456 as a password? What dumb-a$$es.

/That's why I use password1

you should try guest. No one ever thinks of that one.

Do you happen to work for ISIS?
[paragraphfilms.files.wordpress.com image 400x168]

No, I'm not an idio... *god damnit*


Sigh....I so farking love "Archer".
 
2013-11-20 04:47:42 PM  

Fark_Guy_Rob: People with bad passwords are either....
1.)  Stupid people who don't understand basic security
2.)  People who don't care about access to a particular site


The scary part is that password crackers have gotten really good. Even passwords that should have taken trillions of years to brute-force are getting cracked. Nobody brute-forces anymore because they can try all the passwords that have been cracked before and are pulling phrases from Wikipedia, Project Gutenberg, and the Bible.
 
2013-11-20 04:49:45 PM  

InmanRoshi: The people typing in 123456 as a password on a meaningless rooty poot dating site aren't really the stupid people.  The stupid people are the ones using the same "secure" password and username on a meaningless rooty poot  dating site that they're using for their really important financial accounts.


BINGO!

It's not how strong your password is, but where you use it.

Note that the worse thing to happen to someone with a "123456" password on this site, and only this site, is that they would have their dating account hacked. Whoopty shat. The people that had their "LKJ3l%$##09LKKkdf#" password on this site, and their bank account, have just given the world the password to their bank account.
 
2013-11-20 04:53:26 PM  

BumpInTheNight: Ric Romero here:  Its a well known fact that these sites create dummy accounts by the thousands to drum up the numbers and its very likely that 1.2 million were this site's own inventory of them.


This.

If those accounts were attached to real people the passwords would have been the football team of the city their in or the closest city to them. And the beauty of this theory is that the term football can be used world wide in this instance.
 
2013-11-20 04:55:18 PM  

Crudbucket: CSB, I met my fiancee on one of those Cupid sites.


Hey, buddy, a lot of people met your fiancee on one of those Cupid sites.....
 
2013-11-20 04:59:07 PM  

Egoy3k: use a different password for every website sounds like sage advice until even the stupidest websites in the world start wanting you to sign up and log in.  I don't give enough shiats to think of the over a hundred passwords for different sites many of which I will never log in to more than once.  This, 'sign up for access' shiat has got to go.


Well, what you do is have a password for sites that wouldn't matter if someone cracked (like espn, sports forums and fark of course) and a much more secure set of passwords that you update for sites that matter (banks, paypal etc....)
 
2013-11-20 04:59:45 PM  
A tip I give to friends and family is the 'core' password system. You pick a core password that is at least 6 characters, then add the websites first letter on the front of the password, and the last letter of the website to the back of the password. This ensures a separate password for each website, yet makes it wasy to remember all the passwords.

so with a core of '123456', a password for Fark.com would be 'F123456k'

Great trick to teach lazy people.
 
2013-11-20 05:05:01 PM  
Answer: 42

Question: What is the dumbest password in all of Geekdom and Nerdistan?

I would also accept "What is the most common password in all of Geekdom and Neristan?"
 
2013-11-20 05:10:06 PM  

melkson: A tip I give to friends and family is the 'core' password system. You pick a core password that is at least 6 characters, then add the websites first letter on the front of the password, and the last letter of the website to the back of the password. This ensures a separate password for each website, yet makes it wasy to remember all the passwords.

so with a core of '123456', a password for Fark.com would be 'F123456k'

Great trick to teach lazy people.


well, you don't always want Fark, Facebook, and Financial Bank to have the same password.

I use a tiered system that I can modify by complexity rules.  I take a word in English, translate it to spanish, then misspell it in a way I can remember.  i.e. "cat' becomes "gato" becomes "gattoe".  If I need mixed case, I capitalize the first letter "Gattoe".  If I need numbers, I replace the first vowel ("g4ttoe").  If I need to rotate monthly I put !monthYear at the end (G4ttoe!nov2014)

So, different root word for what I consider to be different tiers of sites, but otherwise the same.  A human who looked at one site's plaintext could easily figure out the password for a same-tiered site with different complexity rules, but I'm already just as farked if you get into one of my bank accounts as all of them.
 
2013-11-20 05:11:58 PM  
Nerdistan.
 
Displayed 50 of 71 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report