Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data from graphics card maker NVIDIA.
The hackers claimed to have stolen source code from the GPU chip manufacturer, as well as the email addresses and password hashes of some 71,335 employees.
Obviously, any theft of data is not good news. And to make matters worse, many of the passwords were subsequently cracked and circulated via hacking forums.
Of course, you would hope that any sensible NVIDIA employee would have chosen a sensible hard-to-crack password, and ensured that they weren’t using the same password anywhere else on the internet.
That, after all, is the advice the computer-using public has been given for years now to reduce the potential impact of any password data breach.
So, I wonder what the most common passwords might be that were used by the breached NVIDIA employees? An analysis by Specops Software of 30,000 of the leaked passwords found that these were the top 10 base words:
- nvidia
- nvidia3d
- mellanox
- ready2wrk
- welcome
- password
- mynvidia3d
- nvda
- qwerty
- september
Oh dear. Somehow I don’t think you would need to use a powerful NVIDIA GPU for very long to crack that motley collection.
Companies need to adopt better enforcement policies for employee passwords to protect users from making bad decisions. The use of obvious words like “nvidia”, “password”, and “qwerty” should never have been allowed by NVIDIA.
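As an illustration of that kind of enforcement, here is an added example (not code from this article, NVIDIA or Specops) of a check that could run when a password is set. The blocklist is the ten base words listed above; the character-substitution map and the 50% threshold are assumptions chosen for the example.

```python
# Blocklist: the ten base words from the list above. A real deployment would
# add its own company, product and ticker names.
BLOCKED_BASE_WORDS = {
    "nvidia", "nvidia3d", "mellanox", "ready2wrk", "welcome",
    "password", "mynvidia3d", "nvda", "qwerty", "september",
}

# Common character substitutions to undo before comparing (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, blocked=BLOCKED_BASE_WORDS, min_share=0.5):
    """Return (ok, matched_word).

    A password is rejected when a blocked base word, compared
    case-insensitively and with substitutions undone, accounts for at least
    min_share of its length. Padding such as "2022!" therefore does not
    rescue "Nvidia2022!", while a long passphrase that merely contains
    "welcome" is still accepted.
    """
    if not password:
        return False, None
    lowered = password.lower()
    # Check the literal form first so "nvidia3d" and "ready2wrk" match as-is.
    forms = (lowered, lowered.translate(LEET))
    # Longest blocked word first, so the most specific match is reported.
    ordered = sorted(blocked, key=lambda w: (-len(w), w))
    for form in forms:
        for word in ordered:
            if word in form and len(word) / len(password) >= min_share:
                return False, word
    return True, None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the leaked data.
    for candidate in ["Nvidia2022!", "P@ssw0rd1", "S3ptember!",
                      "correct-horse-welcome-battery-staple"]:
        print(candidate, check_password(candidate))
```
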