Top celebrity online security screwups in 2016

Password manager announces its inaugural "P@ssholes of the Year" list.

About half of those responding to an online survey say their passwords are over five years old.

Password manager Dashlane has compiled a list of celebrities who ran afoul of basic security rules in 2016 and, like TMZ, is publicly shaming them. The company's goal in releasing the P@ssholes List is to draw attention to many high-profile, yet common, password gaffes that are often easily preventable.

The company says while it can be amusing to have a little tongue-in-cheek fun at the expense of celebrities, the fact of the matter is that most people are guilty of making the same errors. Whether it's using a weak and easily guessed password, or reusing a password that was leaked in a previous breach, all of these P@sshole cases highlight the important role passwords play in our digital lives.

Below are the Top 10 P@ssholes of 2016. The list is random and not in order of rank.

Drake, Katy Perry, OurMine Victims - If you're reading this, it's too late... Summer '16 saw dozens of celebrities suffer Twitter takeovers by the OurMine hackers. The cause? Weak and reused passwords from old MySpace accounts. Drake and Katy Perry were the two most high-profile celebrities who didn't take care of passwords and lost control of their accounts. Chelsea Handler, Channing Tatum, and Lana Del Rey were also affected.


National Football League - The NFL had to scramble like Russell Wilson to secure their Twitter account after hackers announced that Commissioner Roger Goodell was dead. They could have blocked the breach attempt if they tackled passwords the proper way as unsportsmanlike hackers got in by cracking the email of an employee who handles social media. No end zone celebrations for the No-Fun-League after this incident.

Big Websites: AdultFriendFinder, Dropbox, MySpace, LinkedIn, Yahoo - Remember MySpace? Hackers do, and said yahoo when they took advantage of the more than 2 billion usernames, passwords, and email addresses that stemmed from breaches at these companies. Millions of people had to update their passwords to avoid putting their friends, reputations, and connections, both professional and private, at risk.

John Podesta - The chairman of Hillary Clinton's presidential campaign was the victim of a classic phishing email. As a result, his Gmail account was leaked for the world to see - an event that probably altered the course of the U.S. presidential election. This classic case shows that firewalls can't keep all of the intruders out.

Kylie Jenner - The youngest member of the Kardashian-Jenner clan also had her Twitter account hacked by the OurMine hacker group. In keeping up with terrible celebrity PR moves, she immediately took to Snapchat to proclaim, "I don't really care, I'm just letting them (hackers) have fun." 


Tech Leaders: Mark Zuckerberg, Sundar Pichai, Daniel Ek, Jack Dorsey, Travis Kalanick - We trust tech companies to secure our personal data, but that faith is put to the test when the leaders of some of the world's most popular companies use bad passwords to protect their own accounts. Mark Zuckerberg of Facebook made headlines this year for presumably using his daughter's first words to protect his Twitter and Pinterest accounts. But let's not forget about Sundar Pichai (Google), Daniel Ek (Spotify), Jack Dorsey (Twitter), and Travis Kalanick (Uber), who all had their social media accounts hacked this year.

Houston Astros – The Houston Astros of Major League Baseball had their online database of player statistics hacked by a former executive of the St. Louis Cardinals. The hacker, Christopher Correa, who was recently convicted on federal charges, used the password of a former Cardinals employee who had recently joined the Astros. This is a grand slam password fail.

Harry Styles - While no one is iPerfect, protecting your iCloud account with a weak password will only take you in One Direction; hacked. This year, people got access to Styles' files when an iCloud account associated with him was breached. Rough seas were ahead for Harry, as pictures from an intimate boating trip with Kendall Jenner were splashed around the world. 

Jack Johnson - More like Hack Johnson. One-half of the pop-rap duo Jack & Jack (and not the affable adult alternative artist), had one of the worst password stunts of the year when he requested that his 4+ million Twitter followers send him their passwords so he could put a personalized video in their feeds.

Tom Hiddleston - Less than a week after joining Instagram, his account was promptly hacked. Hopefully, he can shake off his password mistake and come back in cybersecurity style.

Dashlane says celebrities, like the rest of us, must deal with a broken system that demands human beings memorize passwords for all of the accounts we have. To be completely secure, you need a strong, unique password for each online account.

Password hygiene

Below are four actions everyone can take to ensure they have the best password hygiene.

Strong passwords – Your passwords should be like Kanye West album titles… completely random and impossible to guess. Never use passwords that are easy to guess, such as ones with common names or things people know about you. Your passwords should be at least eight characters long and include a mix of random letters, numbers, and symbols.

Different password for every account – Treat your passwords like a celebrity treats an outfit; never use it twice. If a hacker gets access to a password that you're reusing then they have access to all of your accounts. Having a unique password for every account ensures that even if one is breached, others will be secure.

Two-factor authentication – This is like hiring another bodyguard, and ensures that even if someone does get your password, they can't access your account without a second form of authentication, such as a text message code or email link.

Get a password manager! – Password managers simplify all of the items above by creating and storing strong passwords for all of your accounts. (See: Top password managers compared.)

The public, however, can visit @Dashlane on Twitter and use the hashtag #dashlanepassholes to vote for the nominee they believe should be the P@sshole of the Year.
