Data breaches are common nowadays. With work and most personal activities and business operations done online, there has also been a massive increase in hacking and other malicious attacks aimed to steal information and other data.
In fact, last June, the RockYou 2021 data breach leaked over 8.4 billion passwords in one of the biggest online attacks in recent memory.
Now, in an updated research from Have I Been Pawned (via Mozilla), some of the most common passwords that people use have been revealed. Apparently, several people liketo use superhero names as their passwords, with millions using Superman, Batman and more as their passcodes.
In return, Earth's mightiest heroes prove to have no chance against hackers and data breaches.
Superhero Passwords Leaked in Data Breach 2021
As mentioned, superhero passcodes have been frequently used, based on the data gathered by Have I Been Pawned. For those unaware, Have I Been Pawned is an online tool or website that allows users to check if their personal information have been exposed in data breaches or hacking attacks--which is the reason why they have information on the data that have been leaked.
Based on their research, below are the most common superhero names used as passwords and how many people actually used them. Unsuprisingly, aside from Superman and Batman, Spider-Man, Wolverine and Iron-Man topped the list and rounded out the Top 5.
Here's the full list:
- Superman: 368,397
- Batman: 226,327
- Spider-man: 160,030
- Wolverine: 53,745
- Ironman: 44,175
- Wonder Woman and Daredevil: 21,256
- Thor: 7,133
- Marvel's Black Widow and Black Panther: 4,507
- Captain America: 689
Aside from the superhero names, the characters' real identities were also used as passcodes. Wolverine's name as James Howlett ranked as the most used passcode in terms of real identities. It has 30,479 number of passcode users.
Second on the list is Superman's Clark Kent, which has 4,919 users. Of course Bruce Wayne ranks third placer, with Peter Parker and Tony Stark placing fourth and fifth respectively.
Disney Princesses Passwords Were Also Affected
For what it's worth, it's not only superheroes that are often used in passwords. Even Disney Princesses were not able to escape.
In 2019, ZDNet reported that thousand of Disney Plus accounts were up for sale ranging from $3 to $11--far from Disney Plus' original price of $7.99 per month subscription and $79.98 per year. ZDNet pointed out that they saw several Disney Plus accounts being sold in hacking forums.
Curious for the user'ssubscription, ZDNet emailed some account owners to check if the said accounts on Disney Plus are still active. Two of the users confirmed that it was theirs and still active.
In relation to this, a study from Have I Been Pawned (via Mozilla) revealed that several users affected by the data breach had passwords using Disney princesses. The study confirmed that these 12 Disney princesses showed up in the passwords leaked:
- Jasmine: 192,023
- Aurora: 49,763
- Cinderella: 31,774
- Belle: 18,657
- Ariel: 15,431
- Snow White: 13,253
- Pocahontas: 7,915
- Merida: 7,884
- Rapunzel: 6,011
- Tiana: 2,532
- Mulan: 1,478
- Moana: 733
Aside from Disney princesses' names, these Disney words were also included on the list:
- Princess: 484,475
- Star Wars: 175,762
- Disney: 62,925
- Peter Pan: 42,391
- Lion King: 31,504
- Mickey Mouse: 18,943
- Gaston: 15,259
- Fantasia: 13,383
- Frozen: 10,495
Changing passwords is a must, especially in this day and age where most people do everything online. As the Mozilla blog noted, using the same password for an account that has been breached and leaked exposes the user to malicious actors who can take advantage of their accounts once again.