Top 10 Passwords in Iran
In the last days of 2014, Facenama- an Iranian version of Facebook- was hacked by anonymous hacker(s) and details of more than 116,000 users were published.
A few days after disclosing database, I downloaded it due to my curiosity that I really liked to know what kind of passwords is used by Iranians. Why?
Because we had not had such information that helped us to find out the most popular passwords in Iran.
The data volume was massive (more than 160,000 records) and it was difficult to analyse them. So, I decided to clean it and only keep the passwords that were repeated more than 10 times.
By filtering leaked passwords based on number of frequency, I identify 347 common passwords.
As you can see, all passwords are in the MD5 format that is nonsense! Hence, I did a simple search for a website that can decrypt MD5 format. I found HashKiller can decrypt the most and obvious MD5 without any problem.
By using of HashKiller, I managed to decrypt near all passwords (99.42%) that you can see the result on GitHub or Google Spreadsheet.
The number one password that has been used by Iranians is 123456 which is the most popular password in the world.
In addition, I notice that Facenama did not have a confirmation process for email addresses because there are invalid email addresses in the database such as ……@yahoo.com!
If you would like to have conversation about this story, you can send an email to aminsabeti [at] gmail [dot] com or poke me @AminSabeti on Twitter.
