45 Million More Passwords Leaked – “Password” is No Longer the Most Common Choice


Another day, another story of leaked passwords... Hackers are back again, this time stealing passwords of over 45 million accounts on more than 1,100 websites. The data includes usernames, email addresses, IP addresses, and passwords of people who use major sports, auto, and tech sites, including AutoGuide.com, Motorcycle.com and Techsupportforum.com.

LeakedSource, the website previously responsible for hosting stolen data of LinkedIn and other websites, has now published the information, notifying of the latest data breach. The search engine has said that all the sites that were victims of this data breach run on a platform provided by a Canadian company called VerticalScope. The company owns and operates around 480 online communities, content portals, and e-newsletters.

This data set contains nearly 45 million records from over 1100 websites and communities. Some of the larger domains include Techsupportforum.com MobileCampsites.com Pbnation.com and Motorcycle.com. Each record may contain an email address, a username, an IP address, one password and in some cases a second password.

Stolen passwords and data hosted at LeakedSource

A search engine of stolen data, LeakedSource has gained huge popularity in the past few weeks after hosting leaked data sets of major websites back to back. The site has said that the hack was perpetrated in February 2016, while the data was added to LeakedSource on April 27th 2016. LeakedSource has only now analyzed the data. In a statement to Vice, VerticalScope’s vice president Jerry Orban confirmed the breach saying that the company was "aware of the possible issue." Orban said that the breach is limited to "usernames, userids, email addresses, and encrypted passwords."

However, LeakedSource has said that it was able to crack 74% of the stolen passwords thanks to weak algorithms that were used to hash and encode passwords. For once, "password" wasn't the most used password in this leaked data set. "123456" topped the chart with 150,852 occurrences, followed by "18atcskd2w" (umm, whatever this apparently popular string means), and finally "password" is at the third place.

To confirm if your data has been compromised, go to this link, and remove it. If you find your data in the database, change your passwords immediately.