I've read elsewhere that it was slightly modified: The at symbol ( @ ) substituted for the letter "a", and the number zero (0) substituted for the letter "o". e.g.: "p@ssw0rd"
(I guess he didn't think of using two dollar signs for the letter "s"es?)
Not that those modifications make that much of a difference. It would just take that 14-year old hacker a few minutes longer to crack.
Yeah, using any permutation of "password" is not a good idea. I'm surprised Yahoo Mail or whatever it was let him use it at all. Usually websites with decent security will kick back password attempts like that.