[BreachExchange] Top 10 worst password FAILS of 2018

Destry Winant destry at riskbasedsecurity.com
Fri Dec 14 08:44:33 EST 2018


https://www.csoonline.com/article/3326830/security/top-10-worst-password-fails-of-2018.html#tk.rss_news

The 2018 worst password fails, by which Dashlane means the worst
offenders this year, are:

1. Kanye West for unlocking his iPhone on TV in the White House with 000000.

2. The Pentagon for protecting weapon systems with default passwords,
as well as having such pitiful admin passwords that the GAO audit
team could guess them in nine seconds.

3. Cryptocurrency owners for failing to remember their passwords to
their digital wallets in order to cash out while cryptocurrencies were
at record-level highs.

4. Nutella for telling Twitter followers to use “Nutella” as a
password — advice sent out on World Password Day.

5. U.K. law firms, 500 of them, for their 1 million corporate email
and password combinations, stored in plaintext, which were discovered
by researchers on the dark web.

6. The state of Texas for exposing over 14 million voter records
thanks to a server that didn't have password protection.

7. White House staff for a member writing down his email login and
password and then leaving the White House stationery document at a
Washington, D.C., bus stop.

8. Google for leaving a Google admin page with a blank username and
password combo, allowing an engineering student to get access to a TV
broadcast satellite.

9. The United Nations for its staff failing to password-protect
collaboration projects using Trello, Jira, and Google Docs. Anyone
with the right “link could access secret plans, international
communications and plaintext passwords.”

10. University of Cambridge for leaving a password in plaintext on
GitHub, allowing anyone to access the data of millions of people —
data that had been extracted from the Facebook quiz app myPersonality.

