Hacked web site shows password vulnerability

Written by Dan Blacharski on February 17, 2009

An unrepentant, arrogant loser with too much time on his hands hacked into the Phpbb.com web site, published thousands of user passwords, and then took the time to boast about it online. The script kiddie justifies his actions by noting that he did not alter any files on the server, and that he did what he did out of boredom. His excuses are lame, but we won’t dwell on that. What’s newsworthy is that the passwords he stole and subsequently published were so simple. Loser that he may be, we still owe him a debt of gratitude for showing us this. Yes, it seems there are still people out there who use “123456” as a password.

After the attack, security expert Robert Graham, writing on Dark Reading, analyzed the published list for patterns and came up with what he calls “interesting” results. “Startling” might be a more appropriate adjective.

First of all, the site allowed very simple passwords, not even requiring both numbers and letters. According to Graham’s analysis, 65 percent of the passwords matched entries in a standard dictionary file, and 94 percent matched hacker dictionaries. His results also showed that 16 percent of the passwords matched a person’s first name, 14 percent were keyboard patterns, 4 percent were variations of the word “password”, 5 percent had pop-culture references, 4 percent referenced nearby things, 3 percent were emo words, 3 percent were “don’t care” words, 1.3 percent were passwords seen on television or in the movies, and 1 percent were sports related. The most popular password was “123456”, with 3.03 percent of users choosing this one. 2.13 percent chose the word “password” as their password.
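Graham’s bucketing can be reproduced on any leaked list. Below is an added example (not Graham’s script or this post’s own code) that classifies a constructed sample using tiny stand-in word lists and reports the share of passwords in each category plus the single most popular one; the category names, word lists and leetspeak map are assumptions for illustration.

```python
from collections import Counter

# Constructed stand-ins for the dictionary file and first-name list a real
# audit would load; they are deliberately tiny so the example runs offline.
DICTIONARY = {"dragon", "monkey", "letmein", "sunshine", "football", "welcome"}
FIRST_NAMES = {"michael", "jennifer", "daniel", "sarah", "paul"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
LEET = str.maketrans("013$@", "oiesa")  # undo common substitutions: p@ssw0rd -> password


def is_keyboard_pattern(pw: str) -> bool:
    """True for a run of four or more adjacent keys on one row, in either direction."""
    return len(pw) >= 4 and any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def classify(pw: str) -> str:
    """Put a password in the first bucket it matches, mirroring the article's categories."""
    low = pw.lower()
    if is_keyboard_pattern(low):
        return "keyboard-pattern"
    # Drop trailing digits/punctuation ('sarah2', 'Password1') and undo leetspeak.
    base = low.rstrip("0123456789!.").translate(LEET)
    if "password" in base:
        return "password-variant"
    if base in FIRST_NAMES:
        return "first-name"
    if base in DICTIONARY:
        return "dictionary-word"
    return "other"


def audit(passwords: list[str]) -> dict:
    """Percentage of the list in each bucket plus the single most popular password."""
    total = len(passwords)
    buckets = Counter(classify(p) for p in passwords)
    top, n = Counter(passwords).most_common(1)[0]
    return {
        "percent_by_category": {c: round(100 * k / total, 2) for c, k in buckets.items()},
        "most_common": top,
        "most_common_percent": round(100 * n / total, 2),
    }


# Constructed sample leak; not the phpBB data.
SAMPLE = ["123456", "password", "qwerty", "michael", "dragon", "Password1", "sarah2",
          "letmein", "123456", "x7$Lq!9v", "asdfgh", "monkey", "123456", "jennifer",
          "T0ps3cr3t", "football", "zxcvbn", "welcome", "p@ssw0rd", "daniel"]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Running an audit like this against your own user base (after a breach, or on a sample of password-reset submissions) tells you which policy rules would actually have bitten.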

One Comment to “Hacked web site shows password vulnerability”

  1. Paul Says:

    As a counterpoint to the view that passwords should always be strong, I often choose weak passwords for websites where a compromise would be inconsequential.

    For example, NYTimes.com lets you register an account for access to newsletters and other features. There is nothing in that account that is a risk to me (unlike say Paypal or online banking), so why choose a complex password?

    I would predict if the NYTimes.com user database ever got cracked then we’d find a lot of those passwords are pretty weak (“nytimes” anyone?).
