Twitter Employees and Zoom Users Top Dashlane's List Of 2020's "Worst Password Offenders"
Friday, December 11, 2020
Experian, Nintendo, and Marriott Also Appear in Fifth Annual Rankings
NEW YORK, Dec. 3, 2020 /PRNewswire/ -- Dashlane today announced its fifth annual list of the year's "Worst Password Offenders." As our lives have migrated almost entirely online due to the pandemic, the list highlights the companies and organizations with the most significant password-related mishaps of 2020.
Social networking may have kept us connected in the year of Covid-induced social distancing, but unfortunately Twitter and Zoom (which took the #1 and #2 spots on this year's list) allowed their employees and users to fall victim to cyber attacks by using weak passwords. In addition, other big names in the world of travel, gaming, and home delivery also fell victim to hacks. When a hacker gains access to your username or email and password from a single compromised database, they can use that information to access other accounts.
The Worst Password Offenders list serves as an annual reminder of how easy it is to make an internet faux pas, even when we think we're protected. Dashlane data shows the average internet user has over 200 digital accounts that require passwords, a figure projected to double to 400 in the next five years.
"Just because more of our lives are now online doesn't mean the digital world has become safer--everyone needs to remember proper password hygiene and implement cybersecurity-related best practices," said Dashlane's Head of IT, Jay Leaf-Clark. "Using a password manager like Dashlane to keep your information secure--whether you're an individual or a business--will help alleviate the pain of any future breaches or password disasters."
Dashlane's "Worst Password Offenders" of 2020, beginning with the worst:
1. Twitter Employees: In July, a small number of Twitter employees fell
victim to one of the oldest tricks in the book: phishing. The attack,
orchestrated by a 17-year-old Florida high-schooler, saw several
employees 'reset their passwords' on a dummy site that, in addition to
collecting login information, extracted multifactor authentication codes.
From there, 130 verified accounts belonging to Barack Obama, Elon Musk,
Bill Gates, Joe Biden and more began to post Bitcoin scams. Twitter
scrambled to identify where and how the breach occurred--and rushed to
stop it. Their approach? Mandate every one of their thousands of
employees change their passwords--manually and monitored. A little
tweeting bird told us that enterprise password management could be much
easier.
2. Zoom Users: Just as we were adjusting to the realities of remote work and
being on camera all day, half a million Zoom credentials were posted for
sale on the Dark Web in April. Hackers used several ways in, including
credential stuffing and deployment of multiple bots, to capitalize on
Zoomers' weak and re-used passwords, potentially compromising more of
these users' accounts across the web. At the risk of causing (Zoom)
fatigue, a gentle reminder: strong and unique passwords are table stakes.
3. EasyJet: EasyJet, the UK-based budget airline, unveiled a hidden
high cost of its discount tickets: stolen personal data. A cyberattack
compromised nine million EasyJet travelers' emails and itineraries, with
over 2,000 customers' credit card details breached. Equally
cringe-worthy: EasyJet told the BBC that they became aware of the hack in
January, though customers whose payment details were snagged weren't
notified by the company until April.
4. Experian: Repeat 2017 Worst Password Offender and world's largest credit
bureau Experian suffered a major breach of its South African branch after
handing over personal information to a client impersonator. The resulting
cyberattack affected an estimated 24 million South Africans and 800,000
businesses who have to pick up the pieces after this jarring experian-ce.
5. Marriott: Starwood, the parent company of the Marriott megachain, was
still recovering from a 2018 data breach when another 5.2 million
Marriott guests were involved in a January hack. The culprit? Compromised
Marriott employee login credentials. Say it with us now: strong and
unique passwords are a must, for work and beyond.
6. Nintendo Gamers: Those who made the switch to more gaming during lockdown
faced an unexpected level: 300,000 Nintendo gamers experienced
unauthorized logins to their accounts. Whether through credential
stuffing or brute force, gamers with weak or reused passwords got
wrecked. Unfortunately, this makes Nintendo a Nintend-no.
7. Home Chef: In trying to make the new 2020 routine a little easier,
millions flocked to meal delivery companies like Home Chef.
Unfortunately, eight million of those users' records ended up for sale on
the Dark Web. Home Chef wasn't the only one making our stomachs
turn--250K users of fellow meal kit service and dishonorable mention
Instacart saw their credentials go up for sale on the Dark Web too.
8. Zoosk: In dating, it's important to put yourself out there--but that
doesn't mean you want sensitive personal details for sale on the Dark
Web. Zoosk, an online dating service, fell victim to a May cyberattack
compromising over 200 million user records, including personal
information like gender and date of birth.
9. Minted: Remember that one art print you bought three years ago? Some of
us paid twice for our purchases--the original fee, plus our data being
breached. Nearly five million of us, in fact. If you're going to make a
new account--especially for a site you probably won't use frequently--use
a password generator to help you stay secure (and a password manager to
keep track of it all).
10. Day traders: Thousands of Robinhood customers were victims of cybertheft
in October after hackers gained access to and drained their accounts.
The online brokerage initially blamed its users' previously-compromised
credentials instead of its own security infrastructure, but some
customers say there's no sign of their emails being compromised. One
thing we know for sure: nothing stinks more than losing out on your
stonks' returns.
Don't Become a Dishonorable Mention.
Learn from the mistakes of this year's Worst Password Offenders--including the President of the United States, who allegedly used the all-too-easy-to-guess maga2020! as his Twitter password--and implement the following best practices to stay off future lists:
-- Use random and different passwords for every account: Password reuse is
an epidemic. Repeating the same password across your accounts is a lot
like using the same key for your house or your car. If someone gets a
hold of those keys, they now have access to everything you want to keep
safe. Hackers can use passwords from compromised accounts to easily
access other accounts. The only protection against this is to have
random and different passwords for every account. Random keeps you
secure.
-- Turn on two-factor authentication (2FA): 2FA is a feature that adds an
additional "factor" to your normal login procedure to verify your
identity. 2FA adds an extra layer of security by verifying your identity
using two of three possible identifiers: something you know (your
password, PIN number, zip code, etc.), something you are (via facial
recognition, your fingerprints, retina scans, etc.), or something you
have (a smart card, your smartphone, etc.). Most apps or websites will
verify you via an email or a text message sent to your phone.
-- Get a password manager. Now. Ditch the notebook, Excel grid, Post-It, or
whichever patented password management "method" you're currently using.
A password manager is literally the only way to safely and conveniently
manage wildly complicated and unique passwords for an unlimited number
of accounts, while providing automatic logins and secure autofill of
personal and payment information.
-- Sign up for breach alerts. Dashlane helps you learn what to do if your
information has been compromised. By signing up for the new Breach
Alerts, Dashlane will alert you if any of your data is found on the Dark
Web, and keep an eye out for breaches that may affect you in the future.
About Dashlane
Dashlane is an app for both individuals and businesses offering a password management solution that is as easy to use as it is secure. Dashlane works across every operating system, device, and browser, opening the walled gardens that normally inhibit our digital experience. For businesses, admins can also easily onboard, offboard, and manage their employees with the assurance that company data is safe.
Our team in Paris, New York, and Lisbon is united by our passion for improving the digital experience and the belief that with the right tools, we can help everyone realize the promise of the internet. Dashlane has empowered over 15 million users and over 20,000 companies in 180 countries to dash across the internet without compromising on security.
View original content to download multimedia: http://www.prnewswire.com/news-releases/twitter-employees-and-zoom-users-top-dashlanes-list-of-2020s-worst-password-offenders-301185331.html
SOURCE Dashlane