
Weak passwords uncovered in large data breach

13 December 2017

You are advised to check you have strong and different passwords for all of your online accounts, following continued reporting that billions of people have had their logins and passwords exposed online.  

A large data dump including more than 1.4 billion email addresses, passwords, and other credentials has been found on the Dark Web.

Security shop 4iQ has discovered an online database that aggregates information from over 200 previous data exposures.

The database reveals people’s usernames and passwords for a number of different social media and other online accounts. If your credentials (usernames and passwords) become publicly available, a criminal could use the information to log in to your online accounts.

The database also shows that most people continue to use weak passwords. In this case the most common password used was 123456, followed by 123456789, qwerty, password and 111111.

Weak passwords make it easy for a hacker to guess your password and gain access to your accounts. Additionally, individuals continue to reuse passwords for multiple accounts. If you reuse a password, the risk of someone compromising multiple accounts is significantly increased.

For example, if you use ‘Password1’ as your password for your social media, internet banking, and email accounts, a hacker has a very good chance of cracking your password, and then being able to access all of your accounts. They can use the information gained from these accounts for financial crime, identity theft and sending phishing emails.

Staying Safe

Use strong passwords for all of your online accounts and avoid using information that may be included in your social networking profiles that could be used to crack your password. Create a different password for each of your online accounts so that if one password is stolen, not all of your accounts will be at risk.

Stay Smart Online recommends setting strong, unique passwords that:

  • are at least 12 characters long
  • mix upper and lower case letters, numbers and other symbols
  • use a passphrase to make them easy to remember, for example ‘horseshoe31#’
  • use two-factor authentication whenever possible.

Do not include:

  • recognisable words or names, in any language
  • repeated characters
  • personal information—especially information that is included in your social media profiles
  • anything you have previously used.

More information

Stay Smart Online has advice on setting up secure passwords on our passwords and passphrases page.

For more information on two-factor authentication, read our advice on our website.

For more information about using social media safely, go to our socialising online page.