The most common password? 12345.
This story broke last week, but countless websites are not telling it correctly. The error is that they claim the President’s account was hacked and his password was 12345. I started off writing this post with that information, but I like to do a little something called “fact-checking” before I commit information to the Internet. I linked two original sources above. Haaretz, the Israeli publication that seems to be the original source had their information correct.
The attack took place overnight Sunday and the target was the mail server of the Syrian Ministry of Presidential Affairs. Some 78 inboxes of Assad’s aides and advisers were hacked and the password that some used was “12345”.
It seems pretty straightforward, but apparently reading comprehension isn’t an important skill to be an Internet journalist.
The other problem is that most people assume the breach was due to the weak passwords. That is not necessarily the case. The passwords on display are the passwords used to get into an individual user’s email box… to dump the users and passwords from the email system they would need remote access to either the server or the mySQL instance*. Hopefully that access was not guarded by such weak passwords. I believe it is most likely that the server (or database) was accessed through an unpatched vulnerability. Once access was obtained, they dumped out the passwords, and then went through the webmail interface to sift through all of the email boxes.
All that said, weak passwords are a major issue. I intend to post a follow up soon with some steps to prevent bad passwords.
*Please don’t put your databases online unless absolutely necessary.