Top 10 Passwords in Iran

In the last days of 2014, Facenama, an Iranian version of Facebook, was hacked by anonymous hacker(s), and the details of more than 116,000 users were published.

Leaked database of Facenama. Note: Due to users’ privacy, I blurred the image.

A few days after the database was disclosed, I downloaded it out of curiosity: I really wanted to know what kinds of passwords Iranians use. Why?

Because we had never had information that could help us find out the most popular passwords in Iran.

The data volume was massive (more than 160,000 records) and it was difficult to analyse. So I decided to clean it and keep only the passwords that were repeated more than 10 times.

By filtering the leaked passwords by frequency, I identified 347 common passwords.

Top 10 passwords on Facenama in the MD5 format.

As you can see, all the passwords are in MD5 format, which is nonsense! Hence, I did a simple search for a website that can decrypt MD5. I found that HashKiller can decrypt most of the obvious MD5 hashes without any problem.

Using HashKiller, I managed to decrypt nearly all of the passwords (99.42%); you can see the results on GitHub or Google Spreadsheet.

Top 10 passwords on Facenama.com

The number one password used by Iranians is 123456, which is also the most popular password in the world.
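The frequency filter and the MD5 lookup described above work only because the hashes are unsalted, so equal passwords produce equal hashes. The following is an added example, not the author's code: it reproduces the more-than-10-times filter on a constructed sample and shows that per-user salted PBKDF2 removes both signals. The sample passwords, the blocklist, the work factor and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample (not taken from the leak): one password shared by 11 accounts.
SAMPLE_PASSWORDS = ["123456"] * 11 + ["tehran1393", "qwerty", "s3par@te-Phrase"]
BLOCKLIST = ["123456", "qwerty", "password"]  # constructed list of common passwords
ITERATIONS = 100_000  # illustrative PBKDF2 work factor; follow current guidance in production


def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage format shown in the post."""
    return hashlib.md5(password.encode()).hexdigest()


def repeated(hashes, threshold=10):
    """Stored values that occur more than `threshold` times (the post's filter)."""
    return {h: n for h, n in Counter(hashes).items() if n > threshold}


def recognised(hashes, blocklist=BLOCKLIST):
    """Stored values equal to a precomputed hash of a blocklisted password."""
    table = {md5_hex(word): word for word in blocklist}
    return {h: table[h] for h in set(hashes) if h in table}


def salted_hash(password: str) -> str:
    """Per-user random salt + PBKDF2-HMAC-SHA256, stored as 'salt$digest'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    unsalted = [md5_hex(p) for p in SAMPLE_PASSWORDS]
    salted = [salted_hash(p) for p in SAMPLE_PASSWORDS]
    print("unsalted, repeated >10 times:", repeated(unsalted))
    print("unsalted, on blocklist:", recognised(unsalted))
    print("salted, repeated at all:", repeated(salted, threshold=1))
```

With salted storage, a site operator can still reject blocklisted passwords at registration time, when the plaintext is briefly available, without storing anything that reveals which accounts share a password.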

In addition, I noticed that Facenama did not have a confirmation process for email addresses, because there are invalid email addresses in the database such as ……@yahoo.com!

If you would like to have a conversation about this story, you can send an email to aminsabeti [at] gmail [dot] com or poke me @AminSabeti on Twitter.

Written by

Executive Director @DigiImpactLab , Founder @Certfalab , Digital Security Expert, #Iran’s Internet Expert, Hacker Hunter🕵️
