NEW YORK, Dec. 14, 2021 /PRNewswire/ -- In 2021, we're celebrating the 60th anniversary of the computer password's invention, but it also marks the year of some of the worst password mishaps this century. To honor the milestone, Dashlane, today announced its sixth annual list of 2021's Worst Password Offenders. After the events of the past year-plus forced us to live our lives online, we may have expected that both companies and users alike would have sharpened their security skills to better control fraudulent activity and avoid breaches.
"If companies don't start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful," said JD Sherman, CEO of Dashlane. "If your company were a car, you wouldn't step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition. Much of the nuisance associated with good password hygiene is taken care of by a password manager like Dashlane."
So Naughty We Named Them Twice
SolarWinds, COMB and Verkada all received a shoutout in our mid-year worst password award list, but a list of the worst password misfortunes wouldn't be complete without these very unfortunate password leaks. Allow us to remind you:
1. SolarWinds: In February 2021, both current and former SolarWinds execs blamed an intern for using the entirely-all-too-insecure password solarwinds123, which was leaked online. We'd make a comment here, but Rep. Katie Porter said it best: "I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad."
2. COMB: Not what you use to brush your luscious locks but rather the "Compilation of Many Breaches." As bad as it sounds, COMB is the result of an online hacking forum posting over three billion unique emails and passwords gathered from past leaks at Netflix, LinkedIn, Bitcoin, and more. With 4.7 billion people online, COMB included the data of nearly 70% of global internet users! Both predictable and painful (are you listening? Don't reuse your passwords!).
3. Verkada: After an international hacker collective breached its systems with a username and password found on the internet, they accessed Verkada customer cameras, which ranged from Tesla factories and warehouses to Equinox gyms, hospitals, jails, and schools. Wonder if they have any good footage of Sexiest Man Alive Paul Rudd working out at his local Equinox?!
And the list continues…
4. RockYou2021: We will, we will rock you—or hack you. We like to call this one the Queen of all password leaks. A forum user posted a massive 100 GB TXT file that contained 8.4 billion passwords.
5. Facebook: Or Meta? We're not sure what to call it, but what we do know is that 2021 has not been the year for them. 533 million Facebook users were exposed in this data breach. Keep them coming, Facebook—the way data is handled by you continues to be a juicy topic of conversation at every dinner party.
6. Ticketmaster: Master of tickets but definitely not master of passwords. Employees utilized unlawfully obtained passwords to hack a rival company's computer systems. During a year where people were avoiding coughs, the ticket sales and distribution company coughed up a $10 million fine from the hack.
7. GoDaddy/WordPress: GoDaddy domain-ates the internet, but it does not dominate password security. In 2021, the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's managed WordPress hosting environment.
8. ActMobile Networks: Does the "p" in VPN stand for public or private? ActMobile Networks, which operates several VPN brands, continues to deny the compromise of 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts.
9. DailyQuiz.me: Pop quiz: How many credentials were stolen from user accounts on DailyQuiz.me's website? The answer is 8.3 million. The attackers exfiltrated the site's database, which was then offered for sale on underground forums and Telegram channels. The database contents include plaintext passwords, emails, and IP addresses. The population of New York City is 8.4 million. We'll let that sit with you for a bit.
10. New York City Law Department: While many believe New York City handled COVID-19 well, the same doesn't go for the city's law department handling their online credentials. New York City's Law Department holds some of the city's most closely guarded secrets: evidence of police misconduct, the identities of young children charged with serious crimes, plaintiffs' medical records and personal data for thousands of city employees. But all it took for a hacker to infiltrate the 1,000-lawyer agency's network in June was one worker's stolen email password.
The Worst Password Offenders list serves as an annual reminder of how easy it is to make an Internet faux pas, even when we think we're protected. Data from Verizon's 2021 Breach Investigations Report shows that the average cost of a data breach is $4.24 million and that 80% of breaches are caused by weak, reused and stolen employee passwords. Dashlane's free ebook, Phishing 101, provides practical advice to help businesses keep their employees from taking the bait:
- Create a culture of security where employees understand their roles in protecting your company's data and IT resources, are active participants in ongoing security conversations, and have the tools they need to maintain good security habits without impeding their work.
- Train employees how to identify and report suspected security incidents and threats. Consider creating a special email or channel for them to reach out to.
- Adopt technology such as endpoint security, password managers, and email security.
- Measure your program's effectiveness. Some password managers include a password health feature that tracks your company-wide password security scores over time.
- Stay vigilant. Utilize tools like Dashlane's BusinessBreachReport.com to evaluate the effectiveness of your organization's security for free.
About Dashlane
Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere. A better digital future starts with secure access.
Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 15 million users and 20,000 businesses in 180 countries use Dashlane for a faster, simpler, and more secure internet.
SOURCE Dashlane
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article