New research released by Specops Software outlines the most common Fortune 500 company names that show up in compromised password data. The Specops research team analysed an 800 million password subset of the larger Breached Password Protection database to obtain these results. Among the top ten, popular household names like Coca-Cola (16,710 appearances), Starbucks (3,800 appearances) and McDonald’s (2,270 times) appear.
The Fortune 500 company name found most often among passwords in the subset was Williams, relating to Sherwin-Williams and/or Williams-Sonoma. “Williams” appears over 72,000 times. The full list, which also includes Microsoft and Bank of America, can be found here.
The research focuses on Fortune 500 company names with more than 8 letters. Short company names naturally produce more matches because a short string of letters also occurs inside unrelated words (e.g. while “GE” is a Fortune 500 company, looking for “ge” in compromised password data would match many unrelated phrases).
It is important to note that, despite the companies showing up in these lists, this in no way indicates that they’ve suffered a breach or that their specific passwords have been leaked.
Darren James, Senior Product Manager at Specops Software, explained the results further: “There are many reasons a company name can show up in a compromised password. Whether it’s because the company name overlaps with another word or a consumer is a big fan, the fact remains that these names are showing up within passwords on wordlists attackers are using to attack networks. Organisations would always be smart to block the use of their own organisation name in their users’ passwords with a custom dictionary.”
This research comes shortly after the release of the Specops annual Weak Password Report, which found that ‘password’ is still the most common term used by hackers to breach enterprise networks.