Imperva Blog|Login|中文Deutsch日本語
Press Releases

Imperva Releases Detailed Analysis of 32 Million Breached Consumer Passwords

Data Security Firm's Report Highlights Consumer Susceptibility to Cyber Attack

Redwood Shores, CA – January 21, 2010 – Imperva, the leader in Data Security, announced today the release of study analyzing 32 million passwords recently exposed in the Rockyou.com breach. Imperva's Application Defense Center (ADC) analyzed the strength of the passwords in a report, Consumer Password Worst Practices, that analyzes 32 million passwords to help consumers and website administrators identify the most commonly used passwords they should avoid when using social networking or e-commerce sites.

The report can be downloaded at: http://www.imperva.com/ld/password_report.asp

The report identifies the most commonly used passwords:
  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes," explained Imperva's CTO Amichai Shulman. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Some key findings of the study include:
  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
  • Recommendations for users and administrators for choosing strong passwords.

For enterprises, password insecurity can have serious consequences. "Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456'," said Shulman.

"The problem has changed very little over the past 20 years," explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. "It's time for everyone to take password security seriously; it's an important first step in data security.

Imperva will host a webinar detailing the study's findings. To register, please sign up here:
https://imperva.webex.com/imperva/onstage/g.php?d=792179849&t=a&SourceID=004

About Imperva

Imperva is the global leader in data security. With more than 1,300 direct customers and 25,000 cloud customers, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems. For more information, visit www.imperva.com , follow us on Twitter or visit our blog.

# # #

Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contacts


North America
Katherine Nellums
Page One PR
Tel: (415) 321-2347
katherine@pageonepr.com

Europe
Neil Stinchcombe
Eskenzi PR
Tel: +44(0)20 71 832 833
neil@eskenzipr.com

Latin America
Leticia Rodriguez
G.P.A.
Tel: +55-52-5611 3183
leticia.rodriguez@global-position.com

Asia-Pacific
Grenadine Lau
Imperva
Tel: +65 6749 4482
grenadine.lau@imperva.com