
Who were the worst password offenders of 2021?

Popular password management app Dashlane has named and shamed the worst password offenders of 2021. How many of these stories do you remember from throughout the past 12 months?

And the “winners” are…

Dashlane gave this dubious “honour” to SolarWinds for 2021 after one of its interns used the password solarwinds123, which was subsequently leaked online. An unfortunate incident for a company that develops software for network, system, and IT infrastructure management!

Right behind SolarWinds was “COMB” – Combination of Many Breaches. In effect, this puts most of the global population in second place, as it refers to a breach that saw nearly three billion email and password combinations previously stolen from a range of online services posted onto a hacking forum.

Completing the podium places was another company involved in security, this time Verkada. Unfortunately, its username and password to its backend were found online, with cybercriminals subsequently able to spy on Verkada customers through the cameras they’d sold to them! Verkada cameras are used in many locations, including Tesla factories, hospitals, and prisons, all of which were compromised in the breach.

More focus needed on security in 2022 and beyond

While Dashlane called these three incidents the worst, they’re the tiniest point on the tip of the iceberg when it comes to data breaches throughout the year.

Other notable data breaches in 2021 involved Facebook, GoDaddy, and WordPress, while local authorities in the UK also continued to suffer breaches, often through their own negligence.

In announcing its worst password offenders of 2021, Dashlane said it was more critical than ever for businesses to protect themselves and their customers from phishing and other fraud types. The company also put the current average cost of data breaches at nearly $4.25 million (£3.15 million) and said that 80% of breaches happen due to weak, reused, or stolen employee passwords.

Dashlane wants businesses to create a “culture of security,” in which employees better understand and are better equipped to protect data and IT systems. The company says all businesses should:

  • Train employees how to identify and report suspicious activity
  • Adopt cybersecurity tech solutions like endpoint security, email security, and password managers
  • Make it mandatory for employees to use two-factor (2FA) or multi-factor authentication (MFA)
  • Measure how effective their cybersecurity risk mitigation measures are and identify opportunities for improvement

Dashlane’s call for action comes shortly after Experian’s 2022 data breach forecast warned of the dangers facing businesses and individuals in the coming 12 months.

Dashlane CEO JD Sherman told TechRadar: “If companies don’t start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful. If your company were a car, you wouldn’t step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition. Much of the nuisance associated with good password hygiene is taken care of by a password manager.”

How to stay safe online in 2022

While you can’t control whether a business suffers a data breach and loses your data, there is plenty you can do to mitigate the potential effects of your details being found by cybercriminals.

  • Use hard-to-guess passwords for all your online accounts
  • Use a dedicated password manager or a tool like Google’s built-in Chrome solution to choose and store your passwords
  • Use 2FA or MFA wherever it’s available
  • Never use the same password twice
  • Know how to spot phishing and other types of fraud

If you’re a victim of a data breach, LawPlus is here for you

If you do everything you can to protect yourself online but a business or another organisation is negligent with your data, you could be entitled to compensation.

If your data is involved in a breach in 2022, you can contact LawPlus here for a free, no-obligation assessment of your potential claim.

