LOG_DATE: [2025-05-22] | CATEGORY: SECURITY_SCARES | STATUS: BREACHED

I Used "123456" as My Password. How Fast Was I Hacked?

> HONEYPOT_ACTIVATED...

Every year, "123456" tops the list of most common passwords. We laugh at these people. But surely, the internet is vast. If I create one tiny account in the corner of the web, will anyone actually find it?

The Experiment:
1. Create a dummy email account with a slightly older, less secure setup (IMAP enabled, no 2FA).
2. Set password to `123456`.
3. Leak the email address on a few "pastebin" sites and a public forum.
4. Wait.


The Log

[00:00] Account Created: target_dummy_2025@example.com
[00:15] Leaked on Pastebin.
[00:45] Nothing. Silence.
[01:20] First failed login attempt (Brute force bot trying 'password').
[02:14] SYSTEM ALERT: Successful Login Detected. IP: 198.54.x.x (Russia).

The Result: 2 Hours, 14 Minutes.

It took less time to hack this account than it takes to watch Avatar. The moment the credentials proved valid, the bot swarm descended.

What Did They Do?

Interestingly, no human "hacked" me. It was all automated scripts.

> ACTION_LOG_OF_HACKER

02:14:05 Login Successful
02:14:07 Script searches inbox for "Bank", "crypto", "Wallet", "Paypal".
02:14:10 Script attempts to use the email to sign up for spam relays.
02:14:15 Password changed by attacker to lock me out.
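
The sequence in this log (login, a sweep of financial keyword searches, then a password change, all within seconds) is itself a detection signal. The sketch below is an added example, not part of the original experiment; the pipe-delimited event format, the 60-second window, the IP addresses and the sample lines are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events modelled on the action log above (not real data).
# Hypothetical schema: HH:MM:SS|source_ip|action|detail
SAMPLE_EVENTS = """\
01:20:00|203.0.113.9|login_failed|
02:14:05|198.51.100.7|login_ok|
02:14:07|198.51.100.7|search|Bank
02:14:07|198.51.100.7|search|crypto
02:14:08|198.51.100.7|search|Wallet
02:14:08|198.51.100.7|search|Paypal
02:14:15|198.51.100.7|password_change|
09:00:00|192.0.2.44|login_ok|
09:03:30|192.0.2.44|search|invoice
"""

FINANCE_TERMS = {"bank", "crypto", "wallet", "paypal"}  # terms from the log
WINDOW = timedelta(seconds=60)  # assumed threshold for "right after login"

def parse(text):
    for line in text.splitlines():
        if line.strip():
            ts, ip, action, detail = line.split("|", 3)
            yield datetime.strptime(ts, "%H:%M:%S"), ip, action, detail

def find_takeovers(text, window=WINDOW):
    """Return [(ip, login_time, reasons)] for sessions matching the pattern."""
    sessions = {}  # keyed by source IP for simplicity; real logs have session IDs
    for ts, ip, action, detail in parse(text):
        if action == "login_ok":
            sessions[ip] = {"start": ts, "terms": set(), "pw_changed": False}
            continue
        s = sessions.get(ip)
        if s is None or ts - s["start"] > window:
            continue  # no session yet, or activity outside the window
        if action == "search" and detail.lower() in FINANCE_TERMS:
            s["terms"].add(detail.lower())
        elif action == "password_change":
            s["pw_changed"] = True
    alerts = []
    for ip, s in sessions.items():
        reasons = []
        if len(s["terms"]) >= 2:  # one hit could be a real user; a sweep is not
            reasons.append("finance keyword sweep: " + ",".join(sorted(s["terms"])))
        if s["pw_changed"]:
            reasons.append("password changed right after login")
        if reasons:
            alerts.append((ip, s["start"].strftime("%H:%M:%S"), reasons))
    return alerts
```

Calling `find_takeovers(SAMPLE_EVENTS)` flags only the 02:14:05 session; the 09:00 login, with a single ordinary search minutes later, is left alone.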

The Geography of the Attack

Within 24 hours (I regained access via admin tools), the account had login attempts from:

  • Russia (35%)
  • China (20%)
  • Brazil (15%)
  • USA (10%) - Likely VPNs

Conclusion

If you use a weak password, you rely on "Security through Obscurity" — hoping nobody notices you. This experiment proves that bots notice everyone.

They are constantly scraping the web, constantly trying door handles. If your door is unlocked (`123456`), they will walk in. It's not a matter of if, but when.

Change your passwords. Turn on 2FA. Now.