These Fortune 500 Companies Show Up Most Often in Compromised Password Data

Today, the Specops research team is sharing the results of their latest findings on the use of Fortune 500 company names in compromised passwords. The release of these findings coincides with the latest addition of over 33.9 million compromised passwords to the Specops Breached Password Protection service, which helps organizations block the use of over 4 billion unique compromised passwords in Active Directory.

The team analyzed an 800 million password subset of the larger Breached Password Protection database to find the top Fortune 500 company names in compromised password data.

“There are many reasons a company name can show up in a compromised password,” said Darren James, Senior Product Manager at Specops Software. “Whether it’s because the company name overlaps with another word or a consumer is a big fan, the fact remains that these names are showing up within passwords on wordlists attackers are using to attack networks. Organizations would always be smart to block the use of their own organization name in their users’ passwords with a custom dictionary.”

Methodology

The Specops research team took the list of Fortune 500 companies and checked the names and variations for occurrences within the 800 million compromised password data subset.

Short company names innately have more matches due to the short string of letters matching other words (e.g. While “GE” is a Fortune 500 company, looking for “ge” in compromised password data would match many unrelated phrases like “I have an average password” and “genXpassword” and “page1234” etc.). To that end, our team filtered results to only show company names and variations that contained 8 characters or more.

Companies showing up in our results list in no way indicates they’ve suffered a breach or that their specific passwords have been leaked. A company showing up in our results simply means people somewhere came up with a password that contained their company name or variation and that password, at some point, ended up in compromised password data.

Results

Fortune 500 Company Names Found in Compromised Password Data

The below list of Fortune 500 company names or variations appear the most frequently in compromised password data when looking up names or variations that were 8 characters or longer.

  1. Sherwin Williams and/or Williams Sonoma (“Williams” appears over 72,000 times)
  2. Norfolk Southern (“Southern” appears over 22,000 times)
  3. Conoco Phillips and Phillips 66 (“Phillips” appears over 16,760 times)
  4. Coca-Cola (“CocaCola” with or without a hyphen appears over 16,710 times)
  5. Microsoft (“Microsoft” appears over 8,000 times)
  6. Marathon Petroleum (“Marathon” appears over 6,000 times)
  7. Starbucks (“Starbucks” appears over 3800 times)
  8. Alphabet (“Alphabet” appears over 3700 times)
  9. Bank of America (“BankofAmerica” with or without spaces appears over 2800 times)
  10. McDonald’s (“McDonald’s” with or without the apostrophe appears over 2270 times)

“The companies on this list should block their company name from use in their company passwords with a custom dictionary, if they are not doing so already,” said James. “But that’s advice we give any organization whether they make the Fortune 500 list or not. Why? Because attackers looking to get into your organization in particular are always going to make use of common user behavior like putting the company you work for in your password. A good password security plan makes it harder for attackers to make use of common behavior like this by preventing users from making those choices in the first place.”

Custom Dictionary Still a Best Practice Organizations Should Implement

While the existence of a company on this list does not indicate that the company isn’t already blocking the use of their company name in passwords, our team has identified this pattern before.

The Nvidia leak analysis, highlighted in the 2023 Weak Password report, showed “nvidia” was as the top base password in that leaked password dataset from February 2022. This company name appearance in the leaked password data indicated that a custom dictionary was not in place at the time of the attack, though as the attack entry point remains unknown, we can’t conclude that contributed to the February 2022 attack.

Editor’s note: Nvidia is a Fortune 500 company whose names does appear in compromised password data as highlighted in the 2023 Weak Password report; however, our team’s 8-character or more filter kept it off the above list.

How to Find Compromised Passwords Like These in Your Network

Today’s update to the Breached Password Protection service includes an addition of over 8.7 million compromised passwords to the list used by Specops Password Auditor.

You can find how many of your passwords are either compromised or identical with a scan from Specops Password Auditor. Specops Password Auditor does not store Active Directory data, nor does it make any changes to Active Directory.

Decrease Your Password Reuse Risk by Blocking These Passwords 

With Specops Password Policy and Breached Password Protection, organizations can prevent the use of passwords like these and over 4 billion more known compromised passwords. These compromised passwords include ones used in real attacks today or are on known breached password lists, making it easy to comply with industry regulations such as NIST or NCSC.

Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. The Breached Password Protection service blocks these banned passwords in Active Directory with customizable end-user messaging that helps reduce calls to the service desk. See how with a demo or free trial.

(Last updated on April 28, 2023)

Back to Blog

Related Articles

  • These Social Media Passwords Highlight the Danger of Password Reuse [new data]

    Today, the Specops research team is sharing the results of their latest findings on the use of social media websites in compromised passwords. The release of these findings coincides with the latest addition to the Specops Breached Password Protection service, which helps organizations block the use of over 4 billion unique compromised passwords in Active…

    Read More
  • Keeping Football on the Pitch and Out of Passwords this World Cup

    The Messi versus Ronaldo debate returns, but this time it’s not about who is the best footballer but about which name has appeared the most within Specops’ Breached Password Protection list. With the FIFA 2022 World Cup in Qatar kicking off we’ve continued the theme of analyzing over 800 million compromised passwords (a subset of…

    Read More
  • [New Data] Attackers Are Using These Passwords to Attack the RDP Port Right Now

    The Specops Breached Password Protection List Tops 3 Billion Unique Compromised Passwords from Live Attack Data and Leaked Lists Today, the Specops Software research team is sharing the results of our analysis on what passwords are being used to attack RDP ports in live attacks happening against networks right now. This analysis coincides with the…

    Read More