Many internet users continue to choose weak passwords. According to a NordPass study, more than 80% of chosen passwords can be cracked in less than a second by a hacker. Choosing a poor password is not without consequences. When you choose a widely used password, such as the unfortunate "password" or "123456," you make the hackers' work easier. When trying to break into your account, a hacker will start by testing the list of most common passwords.
Above all, a brute force attack will quickly defeat such a password. In this type of attack, software tests every combination in order to guess your password. It can crack an online account knowing only the username; the algorithm takes care of guessing the rest. The simpler your password, the faster the software will succeed.
According to a study by SecureLink, more than 80% of business hacks succeed by exploiting employees' bad password habits. Experts at Keeper Security add that 31% of workers use their child's name or birthday as a PIN... This information is obviously very easy to guess. Also note that 69% of French people use the same password for all their online services, reveals a study by the market research firm Bilend.
On the occasion of World Password Day, which took place on Thursday, May 1, 2025, we look back at several cases where a strong, well-protected password could have prevented a cyberattack and its consequences.
solarwinds123
Several large-scale hacks have been facilitated by the choice of a weak password, or one that is downright easy to guess. This is the case with the SolarWinds hack. In 2020, the software publisher was targeted by a supply chain attack. Russian hackers injected malware called Sunburst into an update to SolarWinds' Orion network monitoring software to penetrate the systems of the company's clients. Those clients include tech giants such as Microsoft, Google, Cisco, Nvidia, Intel, Malwarebytes, Mimecast, Palo Alto Networks, and CrowdStrike.
During the investigation, it emerged that some SolarWinds servers were secured with a weak password: "solarwinds123." It's possible that this poorly chosen access code facilitated the hackers' entry into the group's systems. This password had been leaked online a few years earlier. Following this revelation, several senior executives at the company blamed a former intern. He was the one who "made this mistake," former SolarWinds CEO Kevin Thompson claimed at the time.
Regardless, the hack had serious consequences. Several branches of the US government were attacked, including the Department of Homeland Security, which is responsible for national computer security. Several European Union institutions were also targeted. All of these targets used Orion software. SolarWinds' image was significantly damaged by the incident.
Microsoft hack by Midnight Blizzard
In January 2024, Microsoft realized that Russian cybercriminals had managed to penetrate the email accounts of several of its executives. After a thorough investigation, the American giant discovered that hackers affiliated with the Russian gang Midnight Blizzard had hacked a test account, not used by the company. Thanks to the permissions granted to this account, the hackers commissioned by Russia were able to view messages exchanged by executives and several employees of the group.
As Microsoft admits, the hackers had no trouble compromising the account. It was secured with a password considered weak. In an attack known as "password spraying," the criminals tested a series of widely used passwords. The account was quickly compromised, providing access to confidential information. Microsoft declined to specify which password was chosen.
The 2018 Irish Parliament hack
As reported by our colleagues at CyberNews, bad passwords also rocked the Northern Ireland parliament in 2018. That year, hackers managed to guess MPs' passwords using a brute force attack. Apparently, the MPs had opted for frequently used passwords. It didn't take long for the attackers to penetrate the system and view private and sensitive information...
maga2020
We will also remember the hacking of Donald Trump's Twitter account. In 2020, Victor Gevers, a computer security expert, managed to guess the US president's password in just five tries. It was simply "maga2020!", a contraction of the election campaign slogan "Make America Great Again 2020." In this case, this negligence had no consequences. The Dutch expert simply warned the American authorities.
Note that Donald Trump had already been hacked a few years earlier... because of a weak password. The real estate mogul had in fact opted for "yourefired" ("You're fired") to protect his Twitter account. It was the billionaire's favorite phrase when he hosted the reality TV show The Apprentice.
Bo
Unsurprisingly, Donald Trump is not the only personality to fall victim to bad computer security habits. In 2010, a Frenchman who called himself "Hacker-Croll" managed to guess the password for the Twitter account of Barack Obama, who had recently arrived at the White House. The young man revealed that he deduced the Democrat's password by studying his tastes and personality. He quickly determined that Barack Obama had likely chosen his dog's name, Bo, or a variation of it, to protect his social media account.
He did the same with other public figures, including Britney Spears. To achieve his goals, "Hacker-Croll" spent his time studying his targets, says a French detective who worked on the case, interviewed by the Daily Mail:
These last examples illustrate the importance of not choosing a password linked to your loved ones, your tastes, your passions or your pets. These are all too easy to guess, whether by someone close to you with bad intentions or an unknown hacker trying to trap you.
More generally, it is better not to choose a word that is in the dictionary. Instead, we recommend opting for an illogical and unpredictable sequence of numbers, letters, and symbols. This type of password is more resistant to brute force attacks and is impossible to guess. To make this easier, don't hesitate to turn to a password manager equipped with a generator. These solutions allow you to generate a secure password to protect yourself from hackers.
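The advice above, as an added example that is not part of the original article: a Python check that rejects the kinds of passwords seen in these cases (entries from a common-password list, or an employer name, slogan or pet name with digits appended), next to a random generator of the kind a password manager provides. The blocklist, the 12-character minimum and all function and parameter names are assumptions of this example.

```python
import math
import re
import secrets
import string

# Constructed sample blocklist; a real check would load a large
# breached-password list instead of these few entries.
COMMON = {"password", "123456", "qwerty", "letmein", "yourefired"}

# Undo common character substitutions before comparing against word lists.
LEET = str.maketrans("013457@$!", "oieastasi")

def base_word(password):
    """Lower-case, strip leading/trailing digits and symbols, undo leetspeak."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())
    return core.translate(LEET)

def weaknesses(password, context=()):
    """Return the reasons to reject a password (empty list means accept).

    `context` holds words tied to the account (employer, pet or child
    names, slogans); the parameter name is an assumption of this example.
    """
    reasons = []
    raw, core = password.lower(), base_word(password)
    if len(password) < 12:  # assumed minimum length for this example
        reasons.append("shorter than 12 characters")
    if raw in COMMON or core in COMMON:
        reasons.append("common password or a variation of one")
    if any(w and w.lower() in core for w in context):
        reasons.append("built from account-related information")
    return reasons

def generate(length=20):
    """Random password drawn from the OS CSPRNG, like a manager's generator."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size=94):
    """Size of the search space for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(weaknesses("solarwinds123", context=("SolarWinds",)))
    print(weaknesses("maga2020!", context=("maga",)))
    candidate = generate()
    print(candidate, weaknesses(candidate), round(entropy_bits(20)), "bits")
```

Appending digits or swapping letters for symbols does not help: the check reduces "P@ssw0rd2024!" to "password" before comparing it with the list.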