Published: March 01, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Just think about it for a minute… would you ever believe the password you created for your Microsoft 365 work account would end up causing a massive data breach affecting millions? Depending on whether you follow strong password precautions and whether you use the same password for other accounts, it could happen. In fact, it has happened, many times. Below are some well-known and perhaps some less publicized examples of just that: poor passwords leading to the compromise of an entire company, its employees, customers, and others caught in a data breach that could have been avoided.
GoDaddy, the popular web hosting company with over 20 million customers and more than 9,000 employees worldwide, suffered a data breach last year. Over 1 million of its WordPress clients were affected, and the company eventually learned a compromised password gave a hacker access to system legacy code for Managed WordPress. The hacker exploited the stolen password for more than two months before the breach was discovered, and GoDaddy’s WordPress customers can still be victimized today.
SolarWinds believes an intern at the company created an email password that was easily compromised and then leaked online. The password snafu led to foreign adversaries exploiting a vulnerability that launched cyberattacks against major U.S. government agencies worldwide. Although the conclusion was that Russia was behind the attacks, one little password started the entire worldwide chain of events. Security experts believe the damage from this breach is still being exploited. The password used by the SolarWinds intern was “solarwinds123.”
New York City Law Department Breach
An incredible amount of sensitive data belonging to New York City’s Law Department was compromised when a hacker gained access to their systems for a month before being discovered. At the time, most of the one thousand lawyers working remotely were prevented from accessing their files, and the compromised data also included the personal information of city employees. What led to this horrific hack was just one employee whose email account password was stolen.
The supplier of cloud-based video security for major companies had over 5,000 of their security cameras compromised. The hack gave bad actors video surveillance of Tesla factories, Equinox gyms, jails, hospitals, and schools. This breach started when a leaked administration password was posted online.
An online hacking forum, “Compilation of Many Breaches” or COMB, posted over 3 billion stolen passwords on its site. The thief leaked the passwords of nearly 70% of worldwide internet users. The data was gathered from past breaches including those at Bitcoin, LinkedIn, and Netflix. It’s a reminder that passwords involved in breaches need to be changed immediately and should never be reused for other accounts.
The lesson learned here? Before you create a new password, stop and think for a minute. There could be consequences you never dreamed of, so always choose wisely.
Strong Password Tips
Use at least 8 characters that include letters, numbers, and special characters.
Don’t use passwords that are easy to guess, that are dictionary words, or that include personal information such as your birth date.
Never use the same password for multiple accounts.
Don’t give passwords or PINs to anyone, including someone in the IT department or to tech support.
If you have to write down passwords, don’t store them on an internet-connected device. Use a pen and paper and store them out of sight, preferably in a locked drawer or cabinet.