World Password Day


World Password Day is an annual event that occurs on the first Thursday of every May to encourage people to adopt strong password habits and protect their online identities. The day was created in 2013 by cybersecurity professionals to increase awareness about the importance of password security.

There have been numerous data breaches and compromised passwords worldwide, leading to the exposure of personal information and financial losses. To celebrate World Password Day, companies and individuals promote safer password practices, such as using complex passwords, avoiding password reuse, and adding strong authentication to important accounts.

To commemorate the day, we asked Jarod Lim, our Global Head of IT, to put together a list of incidents resulting from poor password management, what we can learn from these events, and how you can avoid this happening to you.

We hope you find the list both informative and entertaining.

Who has the password to the Olympics?

Before the 2018 Winter Olympics in Pyeongchang, South Korea, started, the organisers were proud of the strong security measures they had put in place to stop cyberattacks. But just as the opening ceremony started on February 9, 2018, a cyberattack took down the official Winter Olympics website and Wi-Fi network.

Even though the attackers’ identities are still unknown, it was later found that they had used stolen credentials, including a weak password, to get into the systems. As a result, the event’s internet and TV services were down for about 12 hours, making it hard for people to print tickets and causing general confusion.

Learnings

The incident is a funny reminder that even high-profile, well-planned events can be breached by hackers if their systems are protected by weak passwords. It shows how important it is to use strong passwords and regularly update login credentials to protect valuable systems and data.

What should you do?

Change passwords regularly, especially for sensitive accounts like banking and email.


Risks of having the same password everywhere!

PewDiePie, whose real name is Felix Kjellberg, joked on Twitter in 2017 that he had joined ISIS. This tweet was flagged by Twitter’s automated system as promoting terrorism.

After he was banned, PewDiePie went on YouTube to explain what happened to his fans and said that his account had been hacked because he had a weak password. He had used the same password for multiple accounts, and it was easy to figure out. As a result, a hacker was able to get into his Twitter account and send the offensive tweet.

Learnings

The event served as a reminder of how important it is to use strong, unique passwords for each account and how dangerous it is to reuse passwords. It also pointed out that if you don’t take password security seriously, it could lead to unauthorised access or even account bans.

What should you do?

Use a combination of upper and lower-case letters, numbers, and special characters to create a strong and unique password.

Does Facebook have my password?

In March 2019, it emerged that Facebook had stored hundreds of millions of user passwords in plain text, where thousands of its employees could see them. The flaw was found during a regular security check.

Usually, passwords should be stored using a process called “hashing,” which scrambles the password and makes it nearly impossible to figure out. But because of a series of bugs in Facebook’s systems, the passwords were saved in plain text, which made them easy to read by anyone with access to the internal files.

Even though Facebook said there was no evidence of misuse or improper access by its employees, the incident was both funny and worrying.
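The difference between plain-text and hashed storage, as an added Python example that is not Facebook's code or part of the original article. The sample password, record layout and scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential, not taken from any real system.
SAMPLE_PASSWORD = "correct horse battery staple"

# scrypt cost parameters (assumed values for this example; tune for your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def store_plaintext(password: str) -> dict:
    """The failure mode described above: the record holds the password itself."""
    return {"password": password}


def store_hashed(password: str) -> dict:
    """Store a per-user random salt and the scrypt digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode("utf-8"),
                               salt=bytes.fromhex(record["salt"]),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def leaks_password(record: dict, password: str) -> bool:
    """True if anyone who can read the stored record can read the password."""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    plain, hashed = store_plaintext(SAMPLE_PASSWORD), store_hashed(SAMPLE_PASSWORD)
    print("plaintext record leaks:", leaks_password(plain, SAMPLE_PASSWORD))
    print("hashed record leaks:   ", leaks_password(hashed, SAMPLE_PASSWORD))
    print("correct login verifies:", verify(SAMPLE_PASSWORD, hashed))
    print("wrong login verifies:  ", verify("123456", hashed))
```

Because each record gets its own random salt, two users with the same password end up with different stored hashes.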

Learnings

This was a good reminder that even big tech companies like Facebook can make mistakes when it comes to password security, and that users should be careful to protect their own passwords and online privacy.

What should you do?

Make it a habit to periodically change your passwords for all your social media accounts and online applications.

Sharing your password live

Angela Jameson announced on social media in 2023 that she was making a new fitness app that would change the industry. She decided to host a live stream event to promote her app. During the event, she would show the features of the app and lead her followers through a workout.

As soon as the live stream started, Angela eagerly showed the app on her screen. In her excitement, she accidentally gave out the password to her email account, which was written on a sticky note and stuck to her computer monitor. People quickly caught on to the password and started posting screenshots on social media.

Within minutes, Angela’s mistake with her password was all over the internet. The TV star’s cybersecurity team worked hard to get back control of her email account, which had been accessed by multiple people during the chaos.

Learnings

Angela took care of the problem quickly. She apologised for the mistake and thanked her followers for being understanding. She also used the chance to teach her fans a valuable lesson about password security. She told them not to write down their passwords or keep them in easy-to-find places.

What should you do?

Never write down your passwords on notebooks or on post-it notes. Instead, use a password manager to securely store and manage passwords.

A bad password solves the crime

In March 2021, the Dutch police arrested several people who they thought were using Sky ECC for illegal activities. It turned out that the police had figured out how to break the encryption the service used and had been secretly watching the suspects’ messages.

The interesting part of this story is that the Dutch police were able to read the messages because the users had weak passwords and didn’t follow good security practices. In many cases, the suspects used simple passwords like “1234” or their own names. Also, they didn’t use the platform’s built-in password protection features or two-factor authentication, which would have made it harder for the police to read their messages.

Learnings

This event shows how important it is to choose strong, unique passwords and use available security features to protect sensitive information, even on encrypted platforms. It also shows what could happen if you don’t do this, such as letting people see your private messages or getting in trouble with the law.

What should you do?

Avoid using common patterns, such as “qwerty” or “123456,” as they are easily guessed by attackers. Don’t use personal information such as your name, birthdate, or address as part of your password, as this information is easy for others to guess.
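A sign-up check that enforces this advice, as an added Python example that is not part of the original article. The deny list, the sequence table and the profile fields are small constructed samples; a real deployment would use a large breached-password list.

```python
import re

# Small constructed deny list for illustration only.
COMMON = {"123456", "1234", "qwerty", "password", "letmein", "111111"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(pw: str, run: int = 4) -> bool:
    """Detect keyboard, alphabet or digit runs of `run` characters, forwards or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def personal_tokens(profile: dict) -> set:
    """Split profile values (name, birthdate, address) into lowercase tokens of 3+ characters."""
    tokens = set()
    for value in profile.values():
        parts = re.split(r"[^a-z0-9]+", str(value).lower())
        tokens.update(t for t in parts if len(t) >= 3)
    return tokens


def check_password(pw: str, profile: dict) -> list:
    """Return the reasons a password is weak; an empty list means no finding."""
    low, findings = pw.lower(), []
    if low in COMMON:
        findings.append("common password")
    if has_sequence(pw):
        findings.append("keyboard or numeric sequence")
    if re.search(r"(.)\1{3,}", pw):
        findings.append("repeated character run")
    hits = sorted(t for t in personal_tokens(profile) if t in low)
    if hits:
        findings.append("contains personal information: " + ", ".join(hits))
    return findings


# Constructed sample profile, not a real person.
SAMPLE_PROFILE = {"name": "Alex Tan", "birthdate": "1990-04-12",
                  "address": "12 Orchard Road"}
```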


From password to Bitcoin

In 2020, an interesting and funny thing happened with the passwords of the Twitter accounts of former US President Barack Obama, Elon Musk, Bill Gates, and Joe Biden. On July 15, 2020, their accounts were hacked by a large group of people who wanted to run a Bitcoin scam.

The hackers posted tweets from these popular accounts, asking followers to send Bitcoin to a certain address and promising to double their money. Even though the tweets were quickly deleted, the scam still managed to get over $100,000 worth of Bitcoin.

The most interesting thing about this event was that a 17-year-old from Florida was found to be the mastermind behind the attack. The young hacker was able to get into Twitter’s internal tools by using a spear-phishing attack to trick an employee into handing over login information. Even though the incident wasn’t directly caused by weak passwords, it showed how important strong security measures are and how much more awareness and training is needed to avoid being a victim of such attacks.

Learnings

This event served as a reminder that even the most well-known people and companies can be the target of cyberattacks, and that strong security practices, such as managing passwords, are essential.

What should you do?

Enable two-factor authentication whenever possible, which requires an additional step, such as a code sent to your phone, to access your account.