NVIDIA staff shouldn’t have chosen passwords like these…

NVIDIA staff passwords cracked and found woeful

Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data from graphics card maker NVIDIA.

The hackers claimed to have stolen source code from the GPU chip manufacturer, as well as the email addresses and password hashes of some 71,335 employees.

Obviously, any theft of data is not good news. And to make matters worse, many of the passwords were subsequently cracked and circulated via hacking forums.

Of course, you would hope that any sensible NVIDIA employee would have chosen a hard-to-crack password, and ensured that they weren’t using the same password anywhere else on the internet.

That, after all, is the advice the computer-using public has been given for years now to reduce the potential impact of any password data breach.

So, I wonder what the most common passwords might be that were used by the breached NVIDIA employees? An analysis by Specops Software of 30,000 of the leaked passwords found that these were the top 10 base words:

  1. nvidia
  2. nvidia3d
  3. mellanox
  4. ready2wrk
  5. welcome
  6. password
  7. mynvidia3d
  8. nvda
  9. qwerty
  10. september

Oh dear. Somehow I don’t think you would need to use a powerful NVIDIA GPU for very long to crack that motley collection.

Companies need to adopt better enforcement policies for employee passwords to protect users from making bad decisions. The use of obvious words like “nvidia”, “password”, and “qwerty” should have never been allowed by NVIDIA.
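One way to enforce the kind of policy argued for above, shown as an added example (not code from this article, Specops, or NVIDIA): a check that rejects a proposed password if it contains any of the listed base words, even when disguised with capitals, symbols or look-alike digits. The function names, the substitution table and the 12-character minimum are assumptions made for illustration.

```python
import re

# Base words taken from the top-10 list in the article.
BANNED_BASE_WORDS = [
    "nvidia", "nvidia3d", "mellanox", "ready2wrk", "welcome",
    "password", "mynvidia3d", "nvda", "qwerty", "september",
]

# Constructed substitution table (an assumption, not from the article):
# look-alike characters are folded to the letter they usually imitate.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase, fold look-alike characters, keep only a-z and 0-9."""
    folded = text.lower().translate(LEET)
    return re.sub(r"[^a-z0-9]", "", folded)


# The deny list goes through the same normalization as candidates, so
# entries that contain digits ("nvidia3d", "ready2wrk") still match.
# Maps normalized form -> original word, for readable rejection messages.
_BANNED = {normalize(w): w for w in BANNED_BASE_WORDS}


def banned_base_word(candidate):
    """Return the longest banned base word hidden in candidate, or None."""
    norm = normalize(candidate)
    for key in sorted(_BANNED, key=len, reverse=True):
        if key in norm:  # substring match catches prefixes and suffixes
            return _BANNED[key]
    return None


def check_password(candidate, min_length=12):
    """Return (accepted, reason) for a proposed new password."""
    if len(candidate) < min_length:
        return False, f"shorter than {min_length} characters"
    hit = banned_base_word(candidate)
    if hit:
        return False, f"contains banned base word '{hit}'"
    return True, "ok"
```

In practice the deny list would also carry the organisation's product names, ticker symbol and acquired brands, which is exactly what “nvidia”, “nvda” and “mellanox” are.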

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
