It may take a hacker less than a second to hack into Fortune 500 companies as they use weak passwords, such as “password”, “12345”, “Hello123”, “sunshine”, and other uncomplicated phrases, a recent report by NordPass revealed.
Even the Fortune 500 don’t use secure passwords, the research revealed. NordPass experts analyzed data from public third-party breaches that affected Fortune 500 companies. In total, the analyzed data included 15,603,438 breaches, and was categorized into 17 different industries.
It became clear that even the biggest companies remain vulnerable to breaches due to poor password hygiene. For example, the top password in the retail and e-commerce industry is “password”, the same as in the industries of energy, technology, finances, and others. “123456”, “Hello123”, and “sunshine” are also among the weakest password choices.
“Businesses and their employees have a duty to protect their customers’ data. A weak password of one employee could potentially jeopardize the whole company if an attacker used the breached password to gain access to sensitive data,” Chad Hammond, a security expert at NordPass, is quoted in a press release.
The analysis showed that 20% of passwords were the exact name of the company or its variation. The hospitality industry had the most passwords that were the company’s name or its variation. “Vacation” was one of the most popular passwords in the healthcare industry. The industry of human resources had the highest unique password percentile, standing at 31%. The telco industry had only around 20% of unique passwords and financial services - 25%.
According to an IBM report, an average global cost of a data breach is $3.86 million. However, a data breach in the healthcare industry costs much more — $7.13 million. And out of all countries, data breaches in US-based companies are the most expensive — $8.64 million. According to Statista, the cost consists of things like lost business resulting from diminished trust or confidence of customers; costs related to detection, escalation, and notification of the breach; ex-post response activities, such as credit report monitoring.
In addition to that, countries in the European Union face GDPR fines, which are a maximum of €20 million or 4% of the annual global turnover, whichever is greater.
The best password is the one you can’t remember at all, so we recommend using our strong password generator and then store your password on a password manager. We recommend you visit our Data Leak Checker to see if your email address and other personal data have been exposed in a data breach.
More from CyberNews:
Subscribe to our newsletter
Use our Strong Password Generator. Create strong passwords that are completely random and impossible to guess