These passwords take 1 second to crack

Here’s a wild stat: 78% of the world’s most common passwords can be cracked in less than a second. The most-used password in the world, “123456,” has been leaked more than 3 million times. And get this: 1.2 million of those were corporate passwords.

This is based on fresh research from my password manager pick. For six years, NordPass has studied how we handle passwords. Let’s dive into the numbers. Spoiler: It’s not pretty.

The most common leaked passwords

NordPass analyzed more than 9 million stolen passwords. The most common:

  1. 123456 (found 3,018,050 times)
  2. 123456789 (found 1,625,135 times)
  3. 12345678 (found 884,740 times)
  4. password (found 692,151 times)
  5. qwerty123 (found 642,638 times)
  6. qwerty1 (found 583,630 times)
  7. 111111 (found 459,730 times)
  8. 12345 (found 395,573 times)
  9. secret (found 363,491 times)
  10. 123123 (found 351,576 times)

All of these take less than 1 second to crack. One trick is a brute-force attack, where hackers try every password combo until they hit the jackpot. 

They also use leaked password databases from previous breaches.

Because many people reuse their passwords, your leaked Netflix login could allow them to access your cable company account, too.

Making a big mistake worse

Of course, all these were stolen or hacked, so you’d expect them to be weak. But the list also includes some you might be using even if you’re more tech-savvy.

Think sequential numbers or letters on a keyboard (e.g., “567890” or “asdfgh”), repeated characters (e.g., “99999”), or easy-to-guess words like “princess” or “baseball.” You’re not the only one using pet names, hobbies or your favorite teams for inspiration.

Here’s the scariest part: 40% of the most common passwords in the personal and work lists are identical. That means if hackers get into one of your personal accounts, they can waltz right into your work systems, too.
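A defender-side check for the patterns described above, as an added example that is not from the original article or from NordPass: a filter a signup or password-change form could run to reject the listed top-10 passwords plus sequences, repeats and easy words. The function and set names are hypothetical, and the two-word `EASY_WORDS` set stands in for a full breach-derived wordlist.

```python
import re

# Top 10 leaked passwords as listed on this page (NordPass figures).
COMMON = {"123456", "123456789", "12345678", "password", "qwerty123",
          "qwerty1", "111111", "12345", "secret", "123123"}
# Easy-to-guess words the article names; a real deployment would load a
# full breach-derived wordlist instead (assumption, not from the page).
EASY_WORDS = {"princess", "baseball"}
# Sequences a password may "walk": digits, alphabet, keyboard rows.
WALKS = ["01234567890", "abcdefghijklmnopqrstuvwxyz",
         "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _core(pw):
    """Lowercase and strip trailing digits/symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())


def _is_walk(s, min_len=4):
    """True if all of s is one run along a sequence, forwards or backwards."""
    if len(s) < min_len:
        return False
    return any(s in w or s in w[::-1] for w in WALKS)


def _is_repeat(s):
    """True if s is a short unit repeated: '99999', '123123', 'abab'."""
    return len(s) >= 4 and re.fullmatch(r"(.{1,3})\1+", s) is not None


def weak_reasons(pw):
    """Return the list of reasons a candidate password should be rejected."""
    low, reasons = pw.lower(), []
    if low in COMMON or _core(pw) in COMMON:
        reasons.append("common-leaked")
    if low in EASY_WORDS or _core(pw) in EASY_WORDS:
        reasons.append("easy-word")
    if _is_walk(low):
        reasons.append("sequence")
    if _is_repeat(low):
        reasons.append("repeated")
    return reasons
```

An empty list means none of these checks fired, not that the password is strong; length and uniqueness per account still matter.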

Everything we know about the MoneyGram breach

Another day, another massive data breach. This time, it’s MoneyGram, a global mega-company that handles money transfers, bill pay and other financial services. They have digital platforms and retail locations, and they even power Walmart’s money-transfer service.

Bosses are firing Gen Z workers fast

Gen Z grads are getting the axe — 6 in 10 employers have already let them go. Plus, a massive security breach exposed the private info of millions. Find out how one guy spent $1K on Facebook Ads to find love and about a new law that could change your car radio.

🚨 Data disaster: Archive.org, the internet’s digital library, just suffered a massive breach, leaking 31 million records — emails, addresses, screen names and hashed passwords. The site claims a DDoS attack, but reports confirm it was actually hacked. The cherry on top? Hackers temporarily posted on the homepage, “See 31 million of you on HIBP!” That’s Have I Been Pwned.

40% of employees

Getting laid off at 23andMe. The DNA company narrowly avoided being delisted from the stock exchange after 7 million people’s data was stolen. If you used 23andMe, delete your info, like, now.

So much data left exposed for anyone to see

Another day, another monumental data breach. Just because they’re getting more common doesn’t mean you can tune it out. In fact, it’s time to get even more serious about your private information and what’s posted online.

Small-biz tip: Don't overlook this digital danger

Are you the type of business owner who forgets about ex-employees as soon as they’re gone? Failing to remove former employees’ access to your systems and data could lead to security breaches. Don’t let poor offboarding practices be the weak link in your cybersecurity chain.

😡 Frustration overload: This summer’s National Public Data hack leaked the personal details of 2.9 billion people. Now, the company’s drowning in class-action lawsuits and might be stuck paying for credit monitoring. No surprise, they just filed for bankruptcy, claiming only a few thousand dollars in assets. How convenient.

🚨 Fidelity Investments got hacked: No details yet on what personal data was leaked from 77,000 customers, but Fidelity says funds weren’t accessed. Hackers got in using two newly created customer accounts. I’ll bet you $10 that the number of customers affected is much, much higher. Change your passwords.

MoneyGram data breach: Over 150 million customers were exposed. We’re talking names, addresses, IDs, bank account numbers, the whole nine yards. How’d they do it? Someone pretended to work there and got in. If you’re affected, expect to get a notice offering two years of free identity protection and credit monitoring services.

🚨 Comcast and Truist Bank data breach: Both used Financial Business and Consumer Solutions (FBCS) to collect unpaid debts on their behalf. Around 7.4 million FBCS customers had their full name, SSN, DOB, driver’s license number or ID card, and other personal data breached. You know the drill — freeze your credit and watch out for phishing scams, texts and phone calls.

🚨 Seven years of slacking: Meta’s been slapped with a $101 million fine for storing up to 600 million Facebook and Instagram passwords in plain-text format. That’s a major security no-no. Even worse? The breach was discovered in 2019, but some passwords had been unprotected since 2012 and were searchable by over 20,000 Meta employees. The fine isn’t big enough.

Spot the fake: Change Healthcare is offering free credit monitoring after this year’s massive data breach (paywall link). A reported one in three Americans had their insurance info, Social Security number, health conditions and more leaked. The credit monitoring is through IDX. If you get anything else in the mail, it’s a scam. Just a reminder: If you haven’t frozen your credit yet, here are the steps.

ADT hides a major cyber hack

How secure is your home or business? ADT just revealed a data breach but is keeping quiet about the timing and details of what was stolen. Plus, the risks of storing cash in Cash App, AI classes for seniors, and a crucial Amazon Echo security setting you should check.

🚨 Wookie mistake: You’ve probably heard about the recent National Public Data breach, which exposed the deets of 2.9 billion people. Now, a sister site with access to the same consumer records as NPD accidentally published passwords in a publicly accessible file. Nutso. It was available until Aug. 19. If you haven’t yet, I strongly advise you to freeze your credit.

Lock your credit files immediately

Another huge data breach — 2.9 billion records exposed, including Social Security numbers. Here are the quick steps you need to take right now to protect yourself.

🚨 Spoiler: You’re on the list! See if your info was exposed in the NPD breach that hit 2.9 billion people. Go to Pentester and enter your name, state and date of birth. The crazy part? You can look up anyone on this site. I found Bill Gates!

ADT hides a major cyber hack

The home surveillance company revealed a data breach but is hiding the details. I’ll tell you why this should make you rethink who’s protecting your home.

⚠️ 2.9 billion records leaked: Background-check company National Public Data may be responsible for one of the biggest data breaches in history. A lawsuit claims their negligence exposed 2.9 billion Social Security numbers, full names, addresses and so much more on the Dark Web. We all need to freeze our credit. Steps here.

Another health care data breach: This time, it’s HealthEquity, a tech company that runs health savings accounts. Criminals got their hands on 4.3 million people’s names, numbers, addresses and payment info. What’s strange, though, is that no malware was spotted during the investigation, and there’s been no ransom demand yet.