The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

123456 - 23.2 Million Cyber Victims Used This Password

23.2 million victims worldwide were caught out by using 123456 as their password.
28 June 2019 | Updated 08 July 2019

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as their password.

Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge and businesses have been warned to say no to weak passwords being used by employees. the UK National Cyber Security Centre (NCSC) is urging the use of three random words rather than a single word such as a name or a football team.

Amongst the results – which have been published in full on - were that:

  • Only 15% of individuals say they know a great deal about how to protect themselves from harmful activity.

  • The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021.

  • 89% use the internet to make online purchases – with 39% on a weekly basis. Much of this is done from a work or BYOD computer or phone.

  • One in three rely on friends and family for help on cyber security rather than their employer.

  • Young people more likely to be privacy conscious and careful of what details they share online.

  • 61% of internet users check social media daily.

  • 70% always use PINs and passwords for smart phones and tablets.

  • Less than half do not always use a strong, separate password for their main email account.

The NCSC has also published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.

The results show a huge number of regularly used passwords breached to access sensitive information.

The most used were Premier League football teams; musicians; fictional characters; and names - ashley was used 432,276 times. liverpool (280,723); blink182 (285,706); superman (333,139); michael (425,291); chelsea (216,677; 50cent (191,153); qwerty (3.8m); manutd (59,440); batman (203,116).

Dr Ian Levy, NCSC Technical Director, said: “The NCSC has published lots of easily applicable advice to make individuals and businesses much less vulnerable.

“Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Tell employees to be creative and use words memorable to them, so people can’t guess your password.”

Margot James, DMCS’ Digital and Creative Industries Minister, said:  "Cyber security is a serious issue but there are some simple actions everyone can take to better protect against hackers. We shouldn't make their lives easy so choosing a strong and separate password for email accounts is a great practical step."

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: "Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work."



The compromised passwords were obtained from global breaches that are already in the public domain having been sold or shared by hackers.

The list was created after breached usernames and passwords were collected and published on Have I Been Pwned by international web security expert Troy Hunt. The website allows people to check if they have an account that has been compromised in a data breach.

Troy Hunt said: “Making good password choices is the single biggest control consumers have over their own personal security posture.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them. Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people and businesses create a more secure online presence.”

Picture: 23.2 million victims worldwide were caught out by using 123456 as their password.


Article written by Brian Shillibeer | Published 28 June 2019


Related Articles

Malicious Intent Is Biggest Threat to Personal Data

A social media poll has found that sixty-five per cent of respondents believe that humans pose the biggest threat to their personal data rather than cyber...

 Read Full Article
Denial Of Service Costs Escalate

A DNS Threat Report has revealed the cost per attack has increased by 57% to $715,000 for organisations globally. EfficientIP, a specialist in DNS security to ensure...

 Read Full Article
GDPR - What A Scam

GDPR has gifted scammers with a new hook for sending phishing emails. Many internet users are now receiving emails from organisations that they have online dealings with,...

 Read Full Article
GDPR - No Confidence In Compliance. Mobile Workers Are Biggest Hazard

Most companies are not confident of being fully compliant ahead of the GDPR deadline with the biggest fear being the loss of data on laptops and other mobile...

 Read Full Article
Gangsters' Paradise Leads To Jail Terms For Business Phishing Scam

Gangsters who altered business emails to rip-off more than £1 million have gone to jail. Two members of the Nigerian organised crime group who committed the fraud...

 Read Full Article
Working Securely Online – Cyber Hygiene

With more people working on the internet outside of monitored business networks, the risks of compromising company and personal data are increased. Concentration is...

 Read Full Article
Huawei The Lads – Clandestine Chinese Tech Co Gets Partial 5G OK

Restrictions should be placed on the use of high-risk 5G vendors such as Huawei – but that doesn't exclude the Chinese Government owned firm from being...

 Read Full Article
Learning To Be Tough On Weak Passwords

East Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat. It was 2017...

 Read Full Article
Most Organisations’ Biggest Security Concern Is Users

What Keeps You Up at Night – The 2019 Report looks at over 350 global organisations' security concerns and reveals people are the biggest perceived...

 Read Full Article
Attack On Critical National Infrastructure Imminent

Over half of the respondents to a survey have said they believe an attack on critical national infrastructure is imminent. Most respondents also think the convergence...

 Read Full Article