Social media app builder RockYou's website was breached in December 2009 and cyber criminals accessed the unencrypted account details, including password and email address, of 32 million users.
The top ten most commonly used passwords were: 123456, 12345, 123456789, Password, iloveyou, princess, rockyou, 1234567, 12345678 and abc123.
"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second - or 1,000 accounts every 17 minutes," said Imperva's CTO Amichai Shulman. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."
The research also revealed that nearly 50% of users used names, slang words, dictionary words or trivial passwords, such as consecutive digits and adjacent keys, as their login information.
Shulman added that lax password control could have serious repercussions for businesses. "Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like '123456'."