Almost 800 Hungarian government email passwords are circulating online in breach dumps, many associated with national security, new research has found.

An investigation by an open-source investigations group Bellingcat has revealed the scale of poor password hygiene across 12 out of the government’s 13 ministries, identifying a total of 795 unique email and password combinations in breach databases.

Most of the exposed credentials (641 out of 795) were linked to four central institutions, namely the Ministry of Interior, the Ministry of Defence, the Ministry of Foreign Affairs and Trade, and the Ministry of National Economy.

According to researchers, staff members used simple passwords together with their government email addresses to sign up for third-party events, apps, or services, like dating, music, sports, and food websites. When these services were breached, the information was dumped online, with multiple breaches containing phone numbers, addresses, dates of birth, usernames, and IP addresses.

In some cases, the confidential information of military personnel and civil servants posted abroad was exposed.

Bellingcat lists several job positions of those who were affected: a senior military officer responsible for information security, a counter-terrorism coordinator in the foreign affairs department, and an employee whose role was to identify hybrid threats against the country.

Researchers uncovered 170 sets of emails and passwords linked to the Ministry of Interior, with employees using passwords like “Arsenal” and “Paprika”. Additionally, credentials of the Ministry of Defence staff were found in 120 compromised records, which included a 2023 breach of NATO’s eLearning services that exposed emails, passwords, and phone numbers.

Although the breaches peaked in 2021, records continue to surface through 2026, and some stealer logs suggest that machines within the affected departments may have been infected. A search of breach databases showed that 97 machines across Hungarian government departments had been compromised, pointing to a much more recent event.

The conversation on this topic is live. Join in the discussion.

Vulnerabilities were particularly noticeable in the identified passwords. A colonel specialising in “information security” used a “FrankLampard” password, apparently inspired by an English football manager. In other cases, a district director used the password “123456aA”, while a senior member of Hungary’s NATO delegation used a password that translates in English to “cute”.

Additionally, a brigadier general used a six-letter nickname, based on his own name, to sign up for a film festival.

Employees of Hungary’s Foreign Affairs Ministry, which had 107 potentially related email and password combinations, often resorted to weak passwords like “porsche911”, “frogger”, and “Batman2013”. In turn, a deputy state secretary used the password “snoopy”, while other staff members used their date of birth or the Hungarian word for “password” – “Jelszo”.

A senior advisor now working for the Ministry of National Economy (where staff suffered 99 breaches) had their credentials breached four times with four different passwords, including an offensive one – “Kurvaanyad1”, a phrase used in Hungarian to insult one’s mother.

The investigation was published ahead of the Hungarian parliamentary election on Sunday, which will determine whether Viktor Orbán, who has served as prime minister of Hungary since 2010, will secure another term in office.

Bellingcat did not receive a response when contacting the Hungarian government’s spokesperson and the Prime Minister’s office.

---

Unlock more exclusive Cybernews content on YouTube.