Most Hacked Passwords Revealed And They’re Ridiculous

by : Charlie Cocksedge on : 27 Apr 2019 20:14
cybersecurity agency reveals most hacked passwordscybersecurity agency reveals most hacked passwordsWikimedia Commons/Pixabay

When it comes to passwords, there seems to be no middle ground.

You either use the same simple one for everything so you can remember it, or you use one of those password generators that give you random combinations of upper and lower case letters, hashtags, question marks and a string of numbers you’ll never remember.

In which case, you end up writing them down, or keeping them on your phone, or even just letting the website remember your password for you, which all seem as risky as using a simple password in the first place.


In an effort to encourage people to change their easily hackable and simply guessable passwords, the National Cyber Security Centre (NCSC), teamed up with cybersecurity expert Troy Hunt – creator of Pwned Passwords API – to reveal the most commonly hacked passwords.

As Ian Levy, technical director of the NCSC said, via Fox Business:

Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band.


The agency sifted through the top 100,000 most hacked passwords, and revealed these as the top 10, which are even less imaginative than I would’ve thought.

They were:

1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345

The top password, 123456, was identified 23 million times in breaches, while second place 123456789 was used 7.7 million times.

experts reveal most hacked passwordsexperts reveal most hacked passwordsUnited Artists

The NCSC also revealed the most frequently used names, musicians/bands, and fictional characters to be used as passwords.

The most common names were:

1. Ashley
2. Michael
3. Daniel
4. Jessica
5. Charlie


While the top five music-inspired passwords were:

1. Blink182
2. 50 Cent
3. Eminem
4. Metallica
5. Slipknot

I know what you’re thinking – why not just let everyone else change their passwords, then my passwords will be more unique. But no, if you have one of these passwords, or something equally easy to guess, you should probably change it. No one should have Blink182 as their password anyway.


Levy recommended ‘combining three random but memorable words’ together to create passwords instead. So, more Jon Bon Jovi than Slipknot? Probably not.

He added:

Be creative and use words memorable to you, so people can’t guess your password.

Having said that, using passwords that are easily associated with you is also dangerous, so the random element is important.

Just don’t leave your post-it note with all your passwords written on it lying around the office.

If you have a story you want to tell send it to UNILAD via [email protected]

Charlie Cocksedge

Charlie Cocksedge is a journalist and sub-editor at UNILAD. He graduated from the University of Manchester with an MA in Creative Writing, where he learnt how to write in the third person, before getting his NCTJ. His work has also appeared in such places as The Guardian, PN Review and the bin.

Topics: Technology, Cyber Security, hacked, online, Security


Fox Business
  1. Fox Business

    10 most hacked passwords revealed in 2019 report