18 comments

[ 3.6 ms ] story [ 58.0 ms ] thread
Why is the title here on HN “Barely”? Because it’s less than 1%?
I think it's supposed to be ironic
It's not less than 1%. Look at the chart. 3k out of 188k
No, that would be 3k of 1.5 million. They would have tried the password '123456' on all of the accounts.

EDIT: I just looked at the dataset and about half of them list NULL as the password. ~3000/748,495 = ~.4%

(comment deleted)
> A plurality of Gawker Media passwords are six characters long

A plurality of brute forced Gawker Media passwords are six characters long. Maybe this statistic is valid for all 1.5 million passwords, but that's quite a lot of extrapolation. Taking the easiest 10% of passwords to brute force and basing the data off that?

They mention this fact on the paragraph prior, and then seem to forget about it: "In both cases, the datasets only include passwords that could be decoded and aren’t necessarily representive [sic] of all users."

I'm not sure this even matters. Gawker accounts are for commenting on inane media stories. If people used the same password for their email, that's one thing, but I wouldn't be surprised if most had a harder password for their email, and resorted to 123456 etc. for less important accounts.
I wouldn't be surprised if most had a harder password for their email

If we were talking about Hacker News, or other programmer-oriented website, then I'd be inclined to agree. Unfortunately, Gawker is all about lowest-common-denominator fluff, and so attracts a lot of (for lack of better term, and please don't mistake this for hubris) "normal people." Normal people don't give nearly as much consideration to these matters as we do, and I'd expect a good majority of these people use the same password (or two) for damn near everything.

It's not uncommon for even technical people to reuse the same low-level passwords across multiple sites[1], but where we understand the importance of our email accounts as being a master key, regular folk aren't always so knowledgeable.

[1] http://www.codinghorror.com/blog/2009/05/i-just-logged-in-as...

My favorite is always the people who go the extra length and use '12345678'.

Also, why are Jennifer and Michelle the first female names on the list? Are they just the most common names for women?

And is there a story to "monkey"?

I've got the same combination on my luggage
I got two emails today claiming to be from gawker, telling me to change my password.

Both were phishing emails that pointed to a domain in China and another in India. These guys move fast

I got a seemingly genuine email from Gawker entitled, "Gawker Comment Accounts Compromised -- Important"

Although I don't believe my email address was in the dump.

I got that as well. I'm certain my email isn't in the dump (downloaded the torrent to double- and triple-check).

I thought is was strange they used a URL shortener with an uncommon TLD (.kr) to point to the FAQ lifehacker. Seems you'd want to be as unsuspicious as possible in this situation.

I'm curious how many were 'jesus' 'bible' and/or some other obvious one.
My favorite throwaway password is 'nopassword'