Donald Trump, Equifax Top Dashlane's "Worst Password Offenders" of 2017

Password Manager Releases Second Annual Rankings

NEW YORK, Dec. 7, 2017 /PRNewswire/ -- Dashlane, the award-winning password manager, and one of the world's most trusted digital security companies, today announced its second annual list of the "Worst Password Offenders." The rankings highlight the high-profile people and organizations that suffered the most significant password-related blunders of 2017.  

While the violators on this list vary, they all showcase that common password mistakes can cause great embarrassment and economic loss, and that the aftermath of a breach can often be prevented. Most people make the same simple errors that these offenders made, such as using weak passwords or reusing passwords for multiple accounts. And, now that Equifax has exposed the data of nearly 150 million people, using a unique password for every account has become the duty of every person and business using the Internet.

Learn how to prevent common hacks here: http://blog.dashlane.com/year-of-the-hack

Dashlane's "Worst Password Offenders" of 2017, in order of rank:        

1. Donald Trump: The President tops this year's list of offenders, and for good reason. As a person who has continually lamented the cybersecurity woes of his opponents, and trumpeted his own, his leadership in this area leaves much to be desired.

For starters, a January investigation by UK outlet Channel 4 News exposed that many of the top staff members Trump handpicked, including multiple cabinet secretaries, senior policy directors – even cybersecurity advisor Rudy Giuliani – were reusing unsecure, simple passwords. These passwords were used across multiple websites, as well as for their personal email accounts, and were believed to have been part of a slew of breaches that occurred between 2012 and 2016.

This revelation is not to be taken lightly, and signals that a president who touts his cybersecurity prowess may have added numerous cyber vulnerabilities to the nation's highest office. Trump also has direct connections to three of our other Top 10 offenders (Republican Party, Paul Manafort, Sean Spicer), which suggests he has never implemented proper cybersecurity protocols in any of his positions. Lastly, numerous Trump Organization websites were hacked this year, and a multitude of leading security experts questioned the security of his Twitter devices and accounts.

2. Equifax: The Equifax breaches of 2017 allowed cybercriminals to access the personal information of nearly 150 million people in the US, UK, and Canada. Pouring salt in the wound was the additional discovery by security researcher Brian Krebs that the company was using the username/password combination "admin/admin" for some of its online portals. Although the cause(s) of the breaches are still unknown, it's clear that Equifax's egregious password practices put the personal information of millions around the world at risk.

3. UK Government: A June investigation by The Times found that Russian hackers were trading thousands of passwords belonging to UK government officials. Affected parties included MPs, parliamentary staff, and officials in the Foreign Office, including the head of IT. Most of the passwords were stolen from previous breaches, and because they remained unchanged after the breaches, the Russian hackers had easy access to their accounts. Perhaps the most concerning element of the report was that the most popular password for these officials was…you guessed it: "password."

In an unrelated December incident, multiple MPs tweeted that they routinely share their passwords. They were defending a colleague they believe was falsely accused of an offense, but as security researcher Troy Hunt stated, the incident "…illustrates a fundamental lack of privacy and security education." Non-secure password sharing increases infosec risks and undoubtedly leaves these MPs, as well as Parliament, susceptible to a variety of cyber dangers.

4. Department of Defense:  Defense contractor Booz Allen Hamilton left the Pentagon severely exposed by leaving critical files on a non-password protected Amazon server. Included in the exposed data were several unencrypted passwords that could have been used to access classified D.O.D. information.

5. Republican Party: One of the GOP's data analytics firms accidentally leaked the personal details of 198 million Americans – roughly the entire voting-age population. One cybersecurity expert described the leak as a "gold mine for anyone looking to target and manipulate voters." Much like the Pentagon hack, the firm was storing data on a non-password protected server.

6. Google: A wide-scale phishing attack in May compromised an unknown number of Google users' login credentials. The attack sent users to a real Google sign-in screen and captured their credentials when the user gave permission to a third-party app. Although Google swiftly resolved the issue, it highlights the password-related dangers that come with phishing attacks, as well as the need for extra vigilance by both users and companies regarding app access.  

7. HBO: Your favorite Sunday night lineup provider was hit by a variety of hacks and breaches in 2017. These ranged from the leaks of episodes and stars' personal information, to the network's social media accounts getting hacked. Spoiler alert: HBO was treating cybersecurity lightly. After the litany of incidents, employees came forward with reports of terrible cybersecurity practices, including the reuse of passwords for personal and work accounts.

8. Imgur: The cause of this recent breach is still unknown, but the company admitted that at the time of the hack it was using an outdated algorithm to encrypt its users' passwords. Although it updated its encryption last year, the damage was already done as 1.7 million user passwords were potentially compromised.  

9. Paul Manafort: Donald Trump's recently indicted campaign manager appears to be a James Bond fan, as he was using 'Bond007' as his password for multiple personal accounts, including Dropbox and Adobe. The dangers of password reuse are real, and the fact that he and so many Trump associates are on this list is unsettling.

10. Sean Spicer: Remember him? The least critical incident on our list is still of note, as the former Press Secretary sent numerous Tweets of what appeared to be his very own passwords. His copying and pasting mistakes highlight the need for password managers that can automatically log you in, leaving no data stuck on the clipboard. Or podium.  

Avoid Your Own Dishonorable Mention

It may seem easy to call out the unhealthy habits of public figures, but if you've found yourself committing any of the same cybersecurity sins as the offenders on our list, you are at risk too.  

Here are the top three lessons to learn from the 2017 incidents:

1. Actually Use Passwords: This one seems obvious, but as our list shows, it's not always followed. Whether on a server, in an email account, or in an app, you should always secure your data with passwords as they're the first, and often only, line of defense between hackers and your personal information.

2. Use Strong Passwords: Never use passwords that are easy to guess, or that contain names, proper nouns, or things people can easily research about you. All of your passwords should be longer than eight characters and include a mix of random letters, numbers, and symbols. Use a password generator to think of them for you.

3. Never Reuse Passwords: Each and every one of your accounts needs a unique password. As our offenders underscored, the risk in password reuse is that hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have a different password for every account.

Password managers like Dashlane can help protect you on any device. In addition to creating unique strong passwords for all of your accounts, Dashlane ensures you're not reusing passwords for multiple accounts, alerts you when breaches occur, and lets you change your passwords automatically in one click.

To learn more, visit dashlane.com.  

About Dashlane 

Dashlane, one of the world's most trusted digital security companies, takes the pain out of passwords with its password manager and secure digital wallet app. Dashlane allows users to securely manage passwords, credit cards, IDs, and other important information via advanced encryption and local storage.

With so many devices, the line between home and work no longer exists. Thankfully, Dashlane works everywhere, for everyone. The company has helped 9 million consumers manage and secure their digital identity and enabled over $10 billion in e-commerce transactions. Dashlane Business is trusted by 7,000+ companies to create, enforce, and track effective access management, and features the only patented security architecture in the industry.

The Dashlane app is available on PC, Mac, Android, and iOS, and has won critical acclaim by top publications including The Wall Street Journal, The New York Times, and USA Today. Dashlane is free to use on your favorite device for life, and costs $39.99/year to sync between an unlimited number of devices.

Dashlane was founded by Bernard Liautaud and co-founders Alexis Fogel, Guillaume Maron and Jean Guillou. The company has offices in New York City and Paris, and has received $52.5 million in funding from TransUnion, Rho Ventures, FirstMark Capital and Bessemer Venture Partners. Learn more at Dashlane.com.

