Password offenders: Who’s the naughtiest of them all?

In 2021, we’re celebrating the sixtieth anniversary of the computer password’s invention, but it also marks the year of some of the worst password mishaps this century. To honor the milestone, Dashlane introduced its 2021 Worst Password Offenders list.

2021 worst password offenders

After the events of the past year-plus forced us to live our lives online, we might have expected that both companies and users alike would have sharpened their security skills to better control fraudulent activity and avoid breaches.

“If companies don’t start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful,” stated JD Sherman, CEO of Dashlane.


“If your company were a car, you wouldn’t step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition.”

2021 Worst Password Offenders

SolarWinds, COMB and Verkada all received a shoutout in the mid-year worst password award list, but a list of the worst password misfortunes wouldn’t be complete without these very unfortunate password leaks. Allow us to remind you:

SolarWinds: In February 2021, both current and former SolarWinds execs blamed an intern for using the entirely-all-too-insecure password solarwinds123, which was leaked online. We’d make a comment here, but Rep. Katie Porter said it best: “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”

COMB: As cryptocurrency soared, bitcoin users were locked out of both their wallets and potential fortunes because of forgotten passwords. Listen, people: Post-its get lost, built-in browser storage doesn’t work everywhere, and you shouldn’t leave the keys to your online kingdom up to memory. Password managers are the most secure, universal solution, not to mention a lifesaver in situations like these.


Verkada: After an international hacker collective breached its systems with a username and password found on the internet, they accessed Verkada customer cameras, which ranged from the Technoking of Tesla’s factories and warehouses to Equinox gyms, hospitals, jails, and schools. It’s unlikely Musk will mock this in his upcoming SNL monologue; avoidable data breaches are no laughing matter.

And the list continues…

RockYou2021: We will, we will rock you, or hack you. We like to call this one the Queen of all password leaks. A forum user posted a massive 100 GB TXT file that contained 8.4 billion passwords.

Facebook: Or Meta? We’re not sure what to call it, but what we do know is that 2021 has not been the year for them. 533 million Facebook users were exposed in this data breach. Keep them coming, Facebook: the way data is handled by you continues to be a juicy topic of conversation at every dinner party.

Ticketmaster: Master of tickets but definitely not master of passwords. Employees used unlawfully obtained passwords to hack a rival company’s computer systems. During a year when people were avoiding coughs, the ticket sales and distribution company coughed up a $10 million fine from the hack.


GoDaddy/WordPress: GoDaddy domain-ates the internet, but it doesn’t dominate password security. In 2021, the data of up to 1.2 million of its customers was exposed after hackers gained access to the company’s managed WordPress hosting environment.

ActMobile Networks: Does the “p” in VPN stand for public or private? ActMobile Networks, which operates a number of VPN brands, continues to deny the compromise of 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. Pop quiz: How many credentials were stolen from user accounts on’s website? The answer is 8.3 million. The attackers exfiltrated the website’s database, which was then offered for sale on underground forums and Telegram channels. The database contents include plaintext passwords, emails, and IP addresses. The population of New York City is 8.4 million. We’ll let that sit with you for a bit.

New York City Law Department: While many believe New York City handled COVID-19 well, the same doesn’t go for the city’s law department handling their online credentials. New York City’s Law Department holds some of the city’s most closely guarded secrets: evidence of police misconduct, the identities of young children charged with serious crimes, plaintiffs’ medical records and personal data for hundreds of city employees. But all it took for a hacker to infiltrate the 1,000-lawyer agency’s network in June was one employee’s stolen email password.

The 2021 Worst Password Offenders list serves as an annual reminder of how easy it is to make an internet faux pas, even when we think we’re safe. Data from Verizon’s 2021 Breach Investigations Report shows that the average cost of a data breach is $4.24 million and that 80% of breaches are caused by weak, reused and stolen employee passwords.

Practical advice to help businesses keep their employees from taking the bait

  • Create a culture of security where employees understand their roles in protecting your company’s data and IT resources, are active participants in ongoing security conversations, and have the tools they need to maintain good security habits without impeding their work.
  • Train employees how to identify and report suspected security incidents and threats. Consider creating a special email or channel for them to reach out to.
  • Adopt technology such as endpoint security, password managers, and email security.
  • Measure your program’s effectiveness. Some password managers include a password health feature that tracks your company-wide password security scores over time.
  • Stay vigilant. Use tools that help evaluate the effectiveness of your organization’s security for free.
