Here’s How Alabama Fans and Others Get Rolled by Password Hackers

We know that World Password Day slipped your mind on Thursday while you were binging Netflix for the 49th straight day of the coronavirus lockdown, but sports fans are being urged to change their computer passwords as soon as possible.

The experts say you’re too predictable, making you easy pickings for hackers looking to clean out bank accounts and create chaos under your name on social media.

World Password Day is a real thing

https://twitter.com/BazzyJeff/status/1258155070039879681

The first Thursday in May has been designated as World Password Day, created in part to encourage online security for people using the internet for commerce, job-related tasks, and social media. Former ESPN sports business analyst Darren Rovell posted about the event on Twitter, eliciting some of the tweets highlighted on this page.

Sports fans appear to be one of the largest groups needing to take password security more seriously. Kevin Lancaster, the founder of ID Agent, crunched data from 2 billion passwords he obtained from the Dark Web and other sources. What he found was a lot of sloppiness.

Password sleuthing is made easier for hackers by tracking what users do on social media. Posting frequently about your pet rabbit will cause hackers to use variations of “Roger Rabbit” and “Bugs Bunny” as they try to crack your password. Not surprisingly, it works the same way with sports, band names, and Hollywood stars.

Alabama fans top the list of offenders

Writing on Facebook about how great you think the Dallas Cowboys or Chicago Bulls are gives the bad guys a place to start. Kevin Lancaster of ID Agent sifted through tons of data and selected these as some of the leading culprits when it comes to creating too-easy passwords:

  1. rolltide
  2. yankees
  3. steelers
  4. eagles
  5. redsox

In response to the obvious questions, random capitalization and substituting numbers for some of the letters don’t help. Hackers know all the tricks and employ scripting to run all the permutations.

“Even with all this noise about all the breaches that happen every day that make the news and how damaging cyberattacks are, we’re still seeing people do really stupid things with passwords, day in and day out.”

Kevin Lancaster, the founder of ID Agent

Lancaster said that more generic approaches like “baseball,” “soccer,” and “tennis” are no better.

By the way, these topped the list of culprits from the world of music:

  1. blink182
  2. rush2112
  3. beatles
  4. blondie
  5. 8675309 (That’s a Tommy Tutone reference for the uninitiated.)
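The point above about capitalization and number substitutions, seen from the defender's side, as an added example (not code from the article or from ID Agent): a sign-up check that reduces a candidate password to a canonical "skeleton" and compares it with a denylist built from the words listed on this page. The substitution table and the function names are assumptions made for illustration.

```python
import re

# Base words taken from the lists in this article. A production check would
# load a far larger breached-password corpus (assumption).
DENYLIST = {
    "rolltide", "yankees", "steelers", "eagles", "redsox",
    "baseball", "soccer", "tennis",
    "blink182", "rush2112", "beatles", "blondie", "8675309",
}

# Constructed look-alike table. "1", "l", "!" and "|" all collapse to "i"
# because a "1" can stand in for either letter.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "i", "l": "i", "!": "i", "|": "i",
    "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t",
})


def skeleton(text):
    """Lowercase and undo look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


# The denylist goes through the same transform, so entries that contain
# digits themselves (blink182, 8675309) still compare correctly.
DENY_SKELETONS = {skeleton(word) for word in DENYLIST}


def candidate_forms(password):
    """Return the password as typed plus versions with decoration removed."""
    lowered = password.lower()
    no_symbols = re.sub(r"^[\W_]+|[\W_]+$", "", lowered)    # "rolltide!!"
    no_padding = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)  # "yankees2020!"
    return {lowered, no_symbols, no_padding}


def is_predictable(password):
    """True if any form of the password reduces to a denylisted word."""
    return any(skeleton(form) in DENY_SKELETONS
               for form in candidate_forms(password))


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("R0llT1d3!", "Yankees2020!", "Blink182", "vT9#qLm2xRw"):
        print(sample, "->", "reject" if is_predictable(sample) else "accept")
```

A match here means only that the password is a dressed-up version of a listed word; passing the check does not by itself make a password strong.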

A real-life application of password theft

Major League Baseball experienced a hacking scandal in 2015 when the FBI and Justice Department probed the St. Louis Cardinals front office. St. Louis scouting director Chris Correa was accused of using passwords of former Cardinals staffers who left the organization to work for Houston to gain access to proprietary Astros information.

Correa entered a guilty plea to multiple counts, was sentenced to 46 months in federal prison, and was placed on baseball’s permanently ineligible list. The Cardinals were fined $2 million by commissioner Rob Manfred, who awarded the Astros two high St. Louis draft picks.