The top 10 passwords used on Brazzers

In September 2016, 800,000 users of the pornographic website Brazzers had their details leaked online. CybelAngel accessed and analysed this data.

The Brazzers database was leaked online in September 2016, following the hacking of in 2012. Hackers targeted a vulnerability in vBulletin, the software program used to run the forum. This vulnerability was also used to hack other forums, such as the Epic Games and GTAGaming forums.

The leaked data included e-mail addresses, usernames and passwords in plain-text form. This clearly indicated an oversight on the part of administrators, because even users with strong passwords were exposed. Administrators should have protected data stored online (by hashing and salting, for example). This makes it more difficult for cybercriminals to crack complicated passwords – those containing over 10 characters, including figures, lowercase and uppercase letters and special characters.

The top 10 Brazzers passwords

Most Brazzers users were unoriginal when it came to choosing passwords.

Rank Password Occurrences
1 123456 5369
2 password 3163
3 baseball 1190
4 football 1004
5 qwerty 921
6 12345678 667
7 brazzers 621
8 fuckyou 615
9 superman 599
10 123456789 595


Others proved to be fans of the female figure – 2,846 passwords contained the word “ass” and 1,155 contained “tit”. Indeed, “bigtits” was the 12th most popular password at 554 occurrences. Some 55 users made the presumptuous claim of having a “bigdick”.

The top 10 e-mail addresses

Users were also unoriginal when choosing e-mail providers, given that the hacking took place in 2012. These providers showed that Brazzers had a predominantly US audience.

Rank E-mail provider Occurrences
1 286 226
2 204 861
3 92 225
4 74 544
5 22 926
6 20 536
7 12 764
8 7502
9 6394
10 6287


Furthermore, the website appeared to be popular among academics, with 17,848 addresses ending in the extension “.edu” (reserved for students and teaching staff in the US).

This leak, involving a porn website database, is a timely reminder of why e-mail addresses should be used correctly. Never use a professional (or student) e-mail address on a personal website. This will prevent you from being identified and your reputation being harmed in the event the database is leaked. It will also stop hackers from accessing other accounts –users often use the same password for several sites.