Weakest passwords driving global cyber breaches – full list of combinations to avoid | UK | News

16 Billion Password Mega Leak (2025): The internet was rocked by one of the largest data dumps in history, when 16 billion stolen credentials were collected in a single leak. The breach exposed the reality of modern password reuse, with the words “admin” and “password” appearing tens of millions of times. These credentials quickly flooded dark web markets and were sold for prices as low as $10 each.

McDonald’s Monopoly VIP Accident (2025): Due to a simple administrative error, database usernames and passwords were accidentally emailed to prize winners, exposing staging and production server credentials. While the disaster was averted by an ethical buyer who reported it, Mitchell notes: “A single misconfiguration or forgotten password rule can put entire networks at risk.”

Open Door of the Louvre: Following a daring jewel heist at the Louvre in 2025, a security report that resurfaced in 2014 shockingly revealed that the museum’s CCTV network password was simply “LOUVRE.” As Mitchell points out, if digital security looks lazy, criminals will assume physical defenses are weak.

Yahoo’s Billion Dollar Breach (2013-2016): Hackers compromised 3 billion user accounts in several years. Yahoo’s delayed disclosure resulted in a $35 million fine, 41 class-action lawsuits, and a major blow to public trust; This proved that password negligence can change the fortunes of corporate giants.