These are the worst password offenders of the year - you'll probably guess a few

A password input field with 9 asterisks
(Image credit: stock.adobe.com © jamdesign)

With 2021 almost finally behind us, password management service provider Dashlane has taken the opportunity to look back at some of the worst password offenders of the year.

The company named SolarWinds and its cybersecurity-oblivious intern as the loser of the year after his/her unbreakable password, solarwinds123, leaked online.

The second-biggest password offender was COMB, or Combination of Many Breaches. This isn’t exactly a company being reckless, but rather almost everyone in the world being reckless. A database of more than three billion unique emails and passwords, from services such as Netflix and LinkedIn, all breached in the past, was posted on a hacking forum. With the world currently counting around 7.7 billion people, it's safe to say that many must have had their identities stolen in the breach.

Fostering a culture of security

The third-biggest offender was Verkada, whose username and password were found online by cybercrooks, who used them to access the company's customer cameras and spy on people everywhere, from those working in Tesla factories to those working out in Equinox gyms. Dashlane said cameras from hospitals and jails were also compromised, making this breach that much more sensitive.

These three may have been the worst, but they’re far from the only major incidents to occur in the past 12 months. Facebook, GoDaddy, WordPress, RockYou2021, ActMobile Networks and DailyQuiz.me all made the list.

With the average cost of a data breach now being $4.24 million, and 80% of breaches being caused by weak, reused and stolen employee passwords, Dashlane says it’s now more important than ever to keep businesses safe from phishing and other forms of online fraud.

To stay safe, businesses should create a “culture of security”, where employees understand their roles in protecting their company’s data and IT resources. They should train employees to identify and report shady activity, adopt industry-standard cybersecurity tech such as endpoint security, password managers, email security, or MFA and security keys, and measure their programs’ effectiveness.

Reminding everyone how devastating these leaks have been, Dashlane also warned everyone that unless we get our password act together, things are only going to get worse.

“If companies don’t start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful,” said JD Sherman, CEO of Dashlane. “If your company were a car, you wouldn’t step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition. Much of the nuisance associated with good password hygiene is taken care of by a password manager,” Dashlane’s CEO added.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.