The Specops research team analysed an 800 million password subset of the larger Breached Password Protection database to obtain these results. Among the top ten, popular household names like Coca-Cola (16,710 appearances), Starbucks (3,800 appearances) and McDonald’s (2,270 times) appear.
The most common Fortune 500 company name found among passwords in the subset was Williams, relating to Sherwin-Williams and/or Williams-Sonoma. “Williams” appears over 72,000 times. The full list can be found at: https://specopssoft.com/blog/fortune-500-companies-most-often-in-compromised-password-data/
It is important to note that, despite the companies showing up in these lists, this in no way indicates that they’ve suffered a breach or that their specific passwords have been leaked.
“There are many reasons a company name can show up in a compromised password,” said Darren James, Senior Product Manager at Specops Software. “Whether it’s because the company name overlaps with another word or a consumer is a big fan, the fact remains that these names are showing up within passwords on wordlists attackers are using to attack networks. Organisations would always be smart to block the use of their own organisation name in their users’ passwords with a custom dictionary.”
The release of these findings coincides with the latest addition of over 33.9 million compromised passwords to the Specops Breached Password Protection service, which helps organisations block the use of over 3 billion unique compromised passwords in Active Directory.