The 10 worst password snafus of 2021

2 years ago 427

Dashlane's sixth yearly database of the year's worst password offenders reveals the biggest password information mishaps for 2021.

Passwords connected  sticky notes

Image: Roobcio/Shutterstock

Using beardown and unafraid passwords is dependable proposal not conscionable for your ain idiosyncratic accounts but for immoderate accounts oregon services you usage connected the job. In fact, a anemic password tin make acold much occupation for an enactment that holds idiosyncratic information and different delicate information. To amusement conscionable however overmuch occupation it tin create, password manager Dashlane has unveiled a database of the worst password-related information incidents for 2021.

SEE: Password Management Policy (TechRepublic)

For its 2021's Worst Password Offenders list, Dashlane looked astatine the year's 10 worst information mishaps that progressive hacked oregon stolen passwords. These fiascos amusement that proposal astir creating a beardown password is inactive being ignored by excessively galore individuals and excessively galore organizations.

  1. SolarWinds. In February 2021, overseas hackers were capable to access interior emails astatine authorities agencies and organizations astir the satellite by exploiting a vulnerability successful web monitoring bundle from SolarWinds. Though determination was capable blasted to spell around, executives astatine the institution pointed the digit astatine an intern for creating a anemic password of "solarwinds123," which past leaked online. As U.S. Rep. Katie Porter (D-California) said during a hearing: "I've got a stronger password than 'solarwinds123' to halt my kids from watching excessively overmuch YouTube connected their iPad."
  2. COMB. An acronym for "Compilation of Many Breaches," this pointed to an online hacking forum that published much than 3 cardinal antithetic passwords compiled from past breaches astatine Netflix, LinkedIn, Bitcoin and galore different companies. In total, the leak revealed the information of astir 70% of each net users passim the satellite and served arsenic a reminder to not reuse your passwords.
  3. Verkada. In this incident, a radical of hackers utilized an admin password leaked online to access much than 5,000 Verkada cameras, giving them a presumption of Tesla factories and warehouses, Equinox gyms, hospitals, jails and adjacent schools.
  4. RockYou2021. Dubbed by Dashlane arsenic the "Queen of each password leaks," the infamous RockYou2021 debacle centered connected a 100GB substance record with 8.4 cardinal passwords posted connected a idiosyncratic forum. Collected from past information breaches, galore of the passwords were apt for accounts nary longer progressive but inactive comprised a immense leak of delicate data.
  5. Facebook. In April 2021, a hacker leaked the telephone numbers and different idiosyncratic data of 533 cardinal Facebook users. The societal media elephantine blamed the incidental connected a vulnerability that the institution fixed successful 2019. But the leaked information could inactive beryllium utile to cybercriminals looking to scam people.
  6. Ticketmaster. In this breach, employees astatine Ticketmaster hacked into the machine systems of a rival to retrieve stolen passwords. Pleading blameworthy to the crime, the institution was forced to pony up a $10 cardinal fine.
  7. GoDaddy. In November of this year, hosting institution GoDaddy revealed a information breach that deed the accounts of much than 1 cardinal of its WordPress customers. Investigating the incident, the institution discovered that the hacker utilized a compromised password to entree a strategy successful its bequest codification for Managed WordPress.
  8. ActMobile Networks. More than 300 cardinal idiosyncratic records of VPN users were leaked online, galore of them revealing email addresses and encrypted passwords, according to Comparitech. Following the way of breadcrumbs, Comparitech fingered ActMobile Networks arsenic the owner, though the institution denied the charge, claiming that it doesn't support immoderate databases.
  9. DailyQuiz.me. Hackers broke into a DailyQuiz.me database of astir 13 cardinal accounts, snagging plaintext passwords, email addresses, and IP addresses for 8.3 cardinal people. Placed for merchantability connected the Dark Web, the stolen information yet recovered its mode onto the nationalist domain.
  10. New York City Law Department. Using conscionable 1 employee's stolen email relationship password, a hacker was capable to entree delicate records for this 1,000-lawyer agency. The section houses specified accusation arsenic grounds of constabulary misconduct, the identities of young children charged with crimes, aesculapian records for plaintiffs and idiosyncratic information for metropolis employees.

Recommendations

How tin you marque definite your employees travel beardown password information guidelines to support your organization's delicate data? Dashlane offers the pursuing tips:

  • Establish a civilization of security. Employees request to recognize what portion they play successful securing your company's data. They indispensable beryllium progressive successful discussions astir security. And they should person the tools required to travel beardown password and information hygiene.
  • Train employees. Show employees however to spot and study imaginable information risks and threats. You whitethorn privation to make a peculiar email oregon interaction they tin usage to study an incident.
  • Implement the close technology. This means utilizing specified tools arsenic email security, endpoint extortion and password managers.
  • Track the results of your information tools. Find ways to measurement the effectiveness of your information defenses. For example, immoderate password managers person a wellness diagnostic that analyzes and rates the spot of your passwords.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article