One of the most common ways to have your private data stolen on the web is by having a weak, predictable password. It sounds easy enough, but you’d be surprised and how many people choose a password that is easy to hack. According to SplashData, here’s the top 25 worst (and riskiest) passwords out there:

“In a year with several high profile password hacking incidents at major sites including Yahoo, LinkedIn, eHarmony, and Last.fm, SplashData’s list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords.

The top three passwords, ‘password,’ ‘123456,’ and ‘12345678,’ remain unchanged from last year’s list.

New entries to this year’s list include ‘welcome,’ ‘jesus,’ ‘ninja,’ ‘mustang,’ and ‘password1.’”

# Password

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
11. iloveyou
12. trustno1
13. 1234567
14. sunshine
15. master
16. 123123
17. welcome
18. shadow
19. ashley
20. football
21. jesus
22. michael
23. ninja
24. mustang
25. password1

If your password is any of these, make sure you change it – fast. In addition to having a secure password, make sure the web application your using has been thoroughly tested for real world security vulnerabilities. If you are visiting a web app susceptible to hacks, you may be in a hacker’s line of fire.

This hair-raising list comes out right before Halloween. Have you ever had your personal data stolen? Share your spooky security story in our comments section.