These Companies Had the Worst and Dumbest Password Breaches in 2021

Facebook, Ticketmaster and a surprising number of tech and security firms were hacked or leaked sensitive information


Dashlane’s just-released sixth annual Worst Password Offenders list shines a light on corporations that experienced various leaks and data breaches throughout a year when many of us were stuck at home and on our computers — making these errors in privacy protection that much more egregious.

“If companies don’t start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful,” says JD Sherman, CEO of Dashlane. “If your company were a car, you wouldn’t step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition.”

The password management site called out 10 major incidents, including:

  • SolarWinds: Maybe a company that builds IT management software should learn a bit about data protection. In February a company intern was reportedly to blame for using the password solarwinds123, which was leaked online and exposed a SolarWinds file server.
  • Verkada: Hackers gained control of 150,000 cameras from this cloud-based security system, including cameras in Tesla’s factories and warehouses, along with those in hospitals, jails, schools and Equinox gyms.
  • RockYou2021: Not a company, but a name for maybe the biggest data breach of all time, in which a 100GB TXT file containing 8.4 billion password entries was released on a popular hacker forum.

Other companies called out included Facebook (533 million users were exposed in a data breach), Ticketmaster (employees utilized unlawfully obtained passwords to hack a rival company’s computer systems), GoDaddy (data of up to 1.2 million of its customers was exposed after hackers gained access to the company’s managed WordPress hosting environment) and the New York City Law Department, which was breached when a hacker was able to use an employee’s stolen email password. As Dashlane notes, that department features “some of the city’s closely guarded secrets,” from evidence of police misconduct to medical records of city employees.

Dashlane’s solution for businesses includes improved endpoint security, password managers (natch) and enhanced email security solutions. The company also points out that, according to Verizon’s 2021 Breach Investigations Report, the average cost of a data breach is $4.24 million and 80% of breaches are caused by weak, reused and stolen employee passwords.

In other words, clicking on suspicious links at work or adding “123” to your company name as a log-in might not be the best plan for keeping your business data safe.
