The recent targeted attack on iCloud users, which led to the release of nude celebrity photos, was partly successful because of weak passwords.
Apple said in a statement that celebrity accounts were “compromised by a very targeted attack on user names, passwords, and security questions”.
The Apple statement suggested that easy-to-guess passwords were to blame in some of the cases where celebrity accounts were hacked.
Weak passwords are often to blame when hackers gain access to password protected services, which raises the question: which passwords should you avoid using?
Common passwords not to use
It is speculated that iBrute was used to hack into the aforementioned iCloud accounts. This service uses 500 of the most popular passwords globally, which were leaked by RockYou.
The ten most common passwords on the RockYou list are as follows:
- Password1
- Princess1
- [email protected]
- Passw0rd
- Michael1
- Blink182
- !QAZ2wsx
- Charlie1
- Anthony1
- 1qaz!QAZ
The RockYou password list is only one of many compilations of the most common passwords in the world.
Trustwave also produced a recent list of passwords to avoid, where it used Active Directory environments to gather hashed passwords which they set out to crack.
By using a simple dictionary attack, they recovered 53.97 percent of passwords within just a few minutes.
“Such a short cracking time using a word list from last year’s study shows that passwords were as predictable as ever,” Trustwave said.
The ten most common passwords from the Trustwave experiment are listed below.
- Password1
- Hello123
- password
- Welcome1
- [email protected]
- training
- Password123
- job12345
- spring
- food1234
Trustwave also listed some valuable insights into what type of passwords are used, as shown in the images below.


Join the conversation Autoload comments
Comments section policy: MyBroadband has a new article comments policy which aims to encourage constructive discussions. To get your comments published, make sure it is civil and adds value to the discussion.