Analysis of passwords from the LinkedIn leak has revealed, should there be any doubt, that users remain terrible at choosing secure login credentials.

Last week a black hat hacker using the nickname Peace was revealed as attempting to sell 117 million LinkedIn users’ emails and passwords on the dark web.

“Peace” wants 5 BTC for the stash, delayed fruits of a well-publicised LinkedIn breach back in 2012.

LinkedIn said there is “no indication that this is result of a new security breach” even though the exposure of credentials has increased from a previously admitted 6.5 million records leak to a 117 million torrent. The business-focused social network said it intended to apply a password reset to potentially compromised accounts and urged users to enable two-step verification to further protect their LinkedIn accounts.

The most common Passwords:

  1. 123456
  2. linkedin
  3. password
  4. 123456789
  5. 12345678

“123456” appears more than a million times (1,135,936 to be precise) in the dump, a long way clear of second-placed LinkedIn (207k). The most common “base word” used in the passwords is, unsurprisingly “LinkedIn”.

Even outside the obvious security slip-up of using “123456”, “LinkedIn” or “password” as an, er, password, not enough users are using complex passwords capable of resisting brute force attacks.


Come on lads – Get more creative when it comes to picking those valuable passwords….