In a report earlier this month, password management specialist Dashlane pointed to the bad password practices of some large companies and digital services.
Despite growing awareness of the importance of better password management and good security habits, it has to be admitted that users of digital services are not making enough effort. Whether it is enabling two-factor authentication, using a different password on every website visited, or using a password manager, bad habits are not easy to drop.
In the ranking of the worst students in password management, employees of the social network Twitter are at the top of the list. This is partly due to the hack carried out on the social network by a 17-year-old boy from Florida. He managed to deceive the social network's employees using the simple technique of social engineering, which allowed him to publish bitcoin scams from the profiles of nearly 130 of the most followed accounts, among them Joe Biden, Bill Gates, Elon Musk… All employees of the social network had to be asked to change their passwords in order to close the breach. The IT department felt that these thousands of employees were not adequately protected.
In second place are users of the Zoom video conferencing app. During the month of April, about 500,000 accounts were published on the dark web. Hackers managed to get this information using bots. All it took was the well-known practice of credential stuffing, which consists of repeatedly trying many combinations until the right password is found. Unfortunately, accounts protected by fairly weak passwords are easily stolen.
In third place among the bad students in terms of passwords are users of the famous Japanese console manufacturer Nintendo. Here both the players and the Japanese company were called into question. More than 300,000 Nintendo users were unfortunately hacked this year, in the midst of the health crisis, when such services were much appreciated as a way to combat the boredom of confinement. Just as with users of the Zoom video conferencing app, the attackers used the same credential stuffing strategy, combined with brute-force attacks. Of course, the users with the weakest passwords were the ones who were hacked. According to the password management specialist, the Japanese company should review its security.
In addition, several other groups have suffered similar setbacks. While this has allowed them to improve their computer security in some way, some cases remain emblematic. For example, there is the massive leak of data belonging to nearly 9 million customers of the airline easyJet. The airline unfortunately leaked important data, including the bank loan information of 2000 of its customers as well as identifying information and e-mail addresses. The flaw was revealed to the general public last April, although the airline had been aware of the vulnerability since January.
Emblematic data leaks also include that of the Marriott hotel group. In this case, nearly 500 million customers had their personal data stolen by hackers in 2018, following a computer attack suffered by the company earlier this year. The main reason for this cyberattack was the use of several staff members' compromised credentials.
We can also cite the experience of the world's largest credit bureau, known as Experian. Unfortunately, the company made a big mistake by handing personal information over to a hacker, who had managed to impersonate a customer of a South African subsidiary of the multinational. The toll was severe: more than 24 million people were directly impacted, as well as nearly 800,000 companies in South Africa.