Drain Your Account Remotely: Here’s

a List of Easily Hacked Passwords

Jakarta, CNBC Indonesia –Weak mobile banking passwords remain an easy target for cybercriminals. Amidst increasing digital attacks, hackers are exploiting loopholes in users’ habits of using easy-to-guess password combinations.

This is evident in reports of a massive data breach that revealed billions of login credentials were widely circulated on the internet. More than 16 billion login credentials were leaked and widely distributed, making it the largest hacking incident in history.

This finding, first reported by Cybernews and Forbes, was immediately categorized as a global cybersecurity emergency. Security experts stated that the leaked data was not recycled from previous hacks, but rather new data systematically collected through infostealer malware.

This malware secretly steals usernames and passwords from infected devices and uploads them to hacker-controlled servers. The leak included at least 30 separate datasets, each containing anywhere from tens of millions to over 3.5 billion entries. The leaked data was highly structured, listing service URLs followed by usernames and passwords, making it highly exploitable by criminals.

Popular services like Apple, Google, Facebook, Telegram, GitHub, and even government platforms are reportedly among potential targets.

Password security provider Specops has revealed the 10 most common passwords attackers use to exploit Microsoft’s Remote Desktop Protocol (RDP) connections.

RDP is a convenient method for logging into and controlling remote PCs and servers, especially for hybrid workers.

But RDP is also a prime target for cybercriminals seeking access to an organization’s network and other critical resources.

That’s why using strong, complex passwords for remote desktop accounts is crucial.

Specops analyzed over 1 billion passwords stolen by cybercriminals in 2024. The results show that many people ignore standards when creating passwords, even for critical systems.

Organizations monitoring their RDP servers have discovered hundreds, if not thousands, of failed login attempts from hackers, bots, ransomware gangs, and more.

Once they find an open and exposed RDP port, attackers use brute force to try a large number of username and password combinations to gain access. The simpler the password, the faster an attacker can gain and exploit access.

So, what password combinations are easy for thieves to crack?

In first place is the password 123456, the most frequently stolen by criminals. This indicates that many people still use the “keyboard walk” combination, a password created by typing a series of adjacent keys on the keyboard.

In second place is 1234, chosen by people who don’t want to bother adding the numbers 5 and 6.

Next is Password1, followed by 12345. In fifth place is the password P@sswOrd, indicating that some people simply add special characters to their passwords, even though they are considered weak.

P@sswOrd is popular because it meets the standard requirements of eight characters, one uppercase letter, one number, and one special character.

Here’s a list of the most common passwords cracked by thieves:

123456

1234

Password1

12345

P@ssw0rd

password

Password123

Welcome1

12345678

Aa123456

SOURCE : CNBC INDONESIA