The hackers who stole the logins and passwords for thousands of email accounts in a phishing scam that came to light this week likely lured users with fake “security check” forms. But for many users, they wouldn’t have needed to expend that much energy: the most common single password of the accounts disclosed was “123456.” The runner-up? “123456789.”
Other common passwords were the users’ date of birth, “ibelongtogod” “666666,” and “iloveyou.” The popularity of easily guessable passwords show that most users still don’t take security seriously—but they should, or risk losing more than their email. "People tend to have the same password across many accounts," one analyst tells the Register. "So there is a good chance that individuals have also compromised the integrity of their eBay or PayPal accounts, too."