Top password manager Dashlane has published its fifth annual ranking of the world’s worst password offenders.
Previous notable winners (or losers?) include Kanye West and Donald Trump, but this year Twitter employees were given the ignominious title.
“The attack, orchestrated by a 17-year-old Florida high-schooler, saw several employees ‘reset their passwords’ on a dummy site that, in addition to collecting login information, extracted multi-factor authentication codes.”
The incident saw 130 user accounts compromised, including those owned by Bill Gates, Jeff Bezos, Barack Obama and other influential figures. Tweets were published from 45 of these accounts, peddling a cryptocurrency scam that generated upwards of $100,000 for its perpetrators.
For its high-profile nature and far-reaching consequences, this password-related snafu was adjudged to merit the top spot on the list.
Worst password offenders of 2020: best of the rest
For a range of different password-related transgressions, Zoom users take second position in this year’s ranking. According to Dashlane, the transition to remote working and regular video conferencing proved challenging for many – and password security was not high on the priority list.
“Just as we were adjusting to the realities of remote work and being on camera all day, half a million Zoom credentials were posted for sale on the dark web in April,” explained the firm.
“Hackers used several ways in, including credential stuffing and deployment of multiple bots, to capitalize on Zoomers’ weak and reused passwords.”
Budget UK airline easyJet rounds out the top three, for the compromise of data relating to nine million customers, including 2,000 credit cards.
Here is the full rundown of the worst password offenders of 2020, according to Dashlane:
1). Twitter employees
2). Zoom users
6). Nintendo gamers
7). Home Chef
10). Day traders
To help you avoid becoming a “dishonorable mention” on next year’s list, Dashlane also published a series of pointers for keeping your passwords secure.
The advice includes using complex new passwords for each online account, deploying two-factor authentication (2FA) where possible, signing up for breach alerts and, predictably, adopting a leading password manager.