NEWS FROM THE LAB - Friday, April 1, 2011

Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice Posted by Mikko @ 06:31 GMT

passwordsPasswords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.

According to current statistics, 62% of affected users would not notice such a change as their password was already "password".

Several sites have reported that they are taking steps to protect compromised accounts. In addition, many sites are creating a new rule to ban using the word "password" as a password.

Users are reacting fiercely to the hack but even more so to the ban many sites are putting on one of the world's most popular passwords. Online riots are to be expected.

The hacker group named "Obvious" has claimed credit for last evening's attack. Thousands of hacked Twitter and Facebook accounts posted the message "We are all Obvious! Don't Expect Us".

A 1.9 GB file containing more than 3,000,000 user names — and one password — is now available for download as a torrent file via The Pirate Bay.

To avoid problems like this in the future, we are recommending users to change their password everywhere to "password1", which is obviously more secure.