The 10 worst password snafus of 2021

Dashlane’s sixth annual list of the year’s worst password offenders reveals the biggest password security mishaps for 2021.


Using strong and secure passwords is sound advice not just for your own personal accounts but for any accounts or services you use on the job. In fact, a weak password can create even more trouble for an organization that holds customer data and other sensitive information. To show just how much trouble it can create, password manager Dashlane has unveiled a list of the worst password-related security incidents for 2021.



For its 2021’s Worst Password Offenders list, Dashlane looked at the year’s 10 worst security mishaps that involved hacked or stolen passwords. These fiascos show that advice about creating a strong password is still being ignored by too many individuals and too many organizations.

  • SolarWinds. In February 2021, international hackers were able to access internal emails at government agencies and organizations around the world by exploiting a vulnerability in network monitoring software from SolarWinds. Though there was enough blame to go around, executives at the company pointed the finger at an intern for creating a weak password of “solarwinds123,” which then leaked online. As U.S. Rep. Katie Porter (D-California) said during a hearing: “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”
  • COMB. An acronym for “Compilation of Many Breaches,” this referred to an online hacking forum that published more than 3 billion different passwords compiled from past breaches at Netflix, LinkedIn, Bitcoin and many other companies. In total, the leak exposed the data of almost 70% of all internet users throughout the world and served as a reminder not to reuse your passwords.
  • Verkada. In this incident, a group of hackers used an admin password leaked online to access more than 5,000 Verkada cameras, giving them a view of Tesla factories and warehouses, Equinox gyms, hospitals, jails and even colleges.
  • RockYou2021. Dubbed by Dashlane as the “Queen of all password leaks,” the infamous RockYou2021 debacle centered on a 100GB text file with 8.4 billion passwords posted on a user forum. Collected from past data breaches, many of the passwords were likely for accounts no longer active but still constituted a huge leak of sensitive data.
  • Facebook. In April 2021, a hacker leaked the phone numbers and other personal data of 533 million Facebook users. The social media giant blamed the incident on a vulnerability that the company fixed in 2019. But the leaked data could still prove useful to cybercriminals looking to scam people.
  • Ticketmaster. In this breach, employees at Ticketmaster hacked into the computer systems of a competitor to retrieve stolen passwords. Pleading guilty to the crime, the company was forced to pony up a $10 million fine.
  • GoDaddy. In November of this year, web hosting company GoDaddy revealed a security breach that hit the accounts of more than 1 million of its WordPress customers. Investigating the incident, the company discovered that the hacker used a compromised password to access a system in its legacy code for Managed WordPress.
  • ActMobile Networks. More than 300 million personal records of VPN users were leaked online, many of them revealing e-mail addresses and encrypted passwords, according to Comparitech. Following the trail of breadcrumbs, Comparitech fingered ActMobile Networks as the owner, though the company denied the charge, claiming that it doesn’t maintain any databases.
  • Hackers broke into a database of almost 13 million accounts, snagging plaintext passwords, email addresses, and IP addresses for 8.3 million people. Put up for sale on the Dark Web, the stolen data eventually found its way into the public domain.
  • New York City Law Department. Using just one employee’s stolen email account password, a hacker was able to access sensitive data for this 1,000-lawyer agency. The department houses such information as evidence of police misconduct, the identities of young children charged with crimes, medical records for plaintiffs and personal data for city employees.

Recommendations

How can you make sure that your employees follow strong password security guidelines to protect your organization’s sensitive data? Dashlane offers the following recommendations:

  • Establish a culture of security. Employees need to understand what part they play in securing your company’s data. They need to be involved in discussions about security. And they need to have the tools required to follow strong password and security hygiene.
  • Train employees. Show employees how to spot and report potential security risks and threats. You may want to create a specific e-mail or contact they can use to report an incident.
  • Implement the right technology. This means using such tools as e-mail security, endpoint security and password managers.
  • Track the results of your security tools. Find ways to measure the effectiveness of your security defenses. For example, some password managers have a health feature that analyzes and rates the strength of your passwords.

