Donald Trump, Equifax Top Dashlane's "Worst Password Offenders" of 2017

Password Manager Releases Second Annual Rankings

NEW YORK, Dec. 7, 2017 /PRNewswire/ -- Dashlane, the award-winning password manager, and one of the world's most trusted digital security companies, today announced its second annual list of the "Worst Password Offenders." The rankings highlight the high-profile people and organizations that suffered the most significant password-related blunders of 2017.  

While the violators on this list vary, they all showcase that common password mistakes can cause great embarrassment and economic loss, and that the aftermath of a breach can often be prevented. Most people make the same simple errors that these offenders made, such as using weak passwords or reusing passwords for multiple accounts. And, now that Equifax has exposed the data of nearly 150 million people, using a unique password for every account has become the duty of every person and business using the Internet.

Learn how to prevent common hacks here: http://blog.dashlane.com/year-of-the-hack

Dashlane's "Worst Password Offenders" of 2017, in order of rank:        

1. Donald Trump: The President tops this year's list of offenders, and for good reason. As a person who has continually lamented the cybersecurity woes of his opponents, and trumpeted his own, his leadership in this area leaves much to be desired.

For starters, a January investigation by UK outlet Channel 4 News exposed that many of the top staff members Trump handpicked, including multiple cabinet secretaries, senior policy directors – even cybersecurity advisor Rudy Giuliani – were reusing unsecure, simple passwords. These passwords were used across multiple websites, as well as for their personal email accounts, and were believed to have been part of a slew of breaches that occurred between 2012 and 2016.

This revelation is not to be taken lightly, and signals that a president who touts his cybersecurity prowess may have added numerous cyber vulnerabilities to the nation's highest office. Trump also has direct connections to three of our other Top 10 offenders (Republican Party, Paul Manafort, Sean Spicer), which suggests he has never implemented proper cybersecurity protocols in any of his positions. Lastly, numerous Trump Organization websites were hacked this year, and a multitude of leading security experts questioned the security of his Twitter devices and accounts.

2. Equifax: The Equifax breaches of 2017 allowed cybercriminals to access the personal information of nearly 150 million people in the US, UK, and Canada. Pouring salt in the wound was the additional discovery by security researcher Brian Krebs that the company was using the username/password combination "admin/admin" for some of its online portals. Although the cause(s) of the breaches are still unknown, it's clear that Equifax's egregious password practices put the personal information of millions around the world at risk.

3. UK Government: A June investigation by The Times found that Russian hackers were trading thousands of passwords belonging to UK government officials. Affected parties included MPs, parliamentary staff, and officials in the Foreign Office, including the head of IT. Most of the passwords were stolen from previous breaches, and because they remained unchanged after the breaches, the Russian hackers had easy access to their accounts. Perhaps the most concerning element of the report was that the most popular password for these officials was…you guessed it: "password."

In an unrelated December incident, multiple MPs tweeted that they routinely share their passwords. They were defending a colleague they believe was falsely accused of an offense, but as security researcher Troy Hunt stated, the incident "…illustrates a fundamental lack of privacy and security education." Non-secure password sharing increases infosec risks and undoubtedly leaves these MPs, as well as Parliament, susceptible to a variety of cyber dangers.

4. Department of Defense:  Defense contractor Booz Allen Hamilton left the Pentagon severely exposed by leaving critical files on a non-password protected Amazon server. Included in the exposed data were several unencrypted passwords that could have been used to access classified D.O.D. information.

5. Republican Party: One of the GOP's data analytics firms accidentally leaked the personal details of 198 million Americans – roughly the entire voting-age population. One cybersecurity expert described the leak as a "gold mine for anyone looking to target and manipulate voters." Much like the Pentagon hack, the firm was storing data on a non-password protected server.

6. Google: A wide-scale phishing attack in May compromised an unknown number of Google users' login credentials. The attack sent users to a real Google sign-in screen and captured their credentials when the user gave permission to a third-party app. Although Google swiftly resolved the issue, it highlights the password-related dangers that come with phishing attacks, as well as the need for extra vigilance by both users and companies regarding app access.  

7. HBO: Your favorite Sunday night lineup provider was hit by a variety of hacks and breaches in 2017. These ranged from the leaks of episodes and stars' personal information, to the network's social media accounts getting hacked. Spoiler alert: HBO was treating cybersecurity lightly. After the litany of incidents, employees came forward with reports of terrible cybersecurity practices, including the reuse of passwords for personal and work accounts.

8. Imgur: The cause of this recent breach is still unknown, but the company admitted that at the time of the hack it was using an outdated algorithm to encrypt its users' passwords. Although it updated its encryption last year, the damage was already done as 1.7 million user passwords were potentially compromised.  

9. Paul Manafort: Donald Trump's recently indicted campaign manager appears to be a James Bond fan, as he was using 'Bond007' as his password for multiple personal accounts, including Dropbox and Adobe. The dangers of password re-use are real, and the fact that he and so many Trump associates are on this list is unsettling.

10. Sean Spicer: Remember him? The least critical incident on our list is still of note, as the former Press Secretary sent numerous Tweets of what appeared to be his very own passwords. His copying and pasting mistakes highlight the need for password managers that can automatically log you in, leaving no data stuck on the clipboard. Or podium.  

Avoid Your Own Dishonorable Mention

It may seem easy to call out the unhealthy habits of public figures, but if you've found yourself committing any of the same cybersecurity sins as the offenders on our list, you are at risk too.  

Here are the top three lessons to learn from the 2017 incidents:

1. Actually Use Passwords: This one seems obvious, but as our list shows, it's not always followed. Whether on a server, in an email account, or in an app, you should always secure your data with passwords as they're the first, and often only, line of defense between hackers and your personal information.

2. Use Strong Passwords: Never use passwords that are easy to guess, or that contain names, proper nouns, or things people can easily research about you. All of your passwords should be longer than eight characters and include a mix of random letters, numbers, and symbols. Use a password generator to think of them for you.

3. Never Reuse Passwords: Each and every one of your accounts needs a unique password. As our offenders underscored, the risk in password reuse is that hackers can use passwords from compromised accounts to easily access other accounts. The only protection against this is to have a different password for every account.

Password managers like Dashlane can help protect you on any device. In addition to creating unique strong passwords for all of your accounts, Dashlane ensures you're not reusing passwords for multiple accounts, alerts you when breaches occur, and lets you change your passwords automatically in one click.

To learn more, visit dashlane.com.  

About Dashlane 

Dashlane, one of the world's most trusted digital security companies, takes the pain out of passwords with its password manager and secure digital wallet app. Dashlane allows users to securely manage passwords, credit cards, IDs, and other important information via advanced encryption and local storage.

With so many devices, the line between home and work no longer exists. Thankfully, Dashlane works everywhere, for everyone. The company has helped 9 million consumers manage and secure their digital identity and enabled over $10 billion in e-commerce transactions. Dashlane Business is trusted by 7,000+ companies to create, enforce, and track effective access management, and features the only patented security architecture in the industry.

The Dashlane app is available on PC, Mac, Android, and iOS, and has won critical acclaim by top publications including The Wall Street Journal, The New York Times, and USA Today. Dashlane is free to use on your favorite device for life, and costs $39.99/year to sync between an unlimited number of devices.

Dashlane was founded by Bernard Liautaud and co-founders Alexis Fogel, Guillaume Maron and Jean Guillou. The company has offices in New York City and Paris, and has received $52.5 million in funding from TransUnion, Rho Ventures, FirstMark Capital and Bessemer Venture Partners. Learn more at Dashlane.com.

View original content with multimedia: http://www.prnewswire.com/news-releases/donald-trump-equifax-top-dashlanes-worst-password-offenders-of-2017-300567696.html

SOURCE Dashlane

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.