Study Finds Sports Fans' Passwords Linked to Teams Often Breached
A study by Duelbits analyzed compromised passwords related to U.S. sports teams across major leagues. It identified millions of breached passwords tied to team names, with fans of certain New York teams among those at higher risk. Cybersecurity experts recommend avoiding predictable passwords based on popular teams.
KeePassXC team. / Wikimedia (GPL)A study released by Duelbits examined compromised passwords associated with 124 teams in the MLB, NBA, NHL, and NFL. The research identified 42,260,852 passwords linked to sports teams that appeared in data breaches. It analyzed variations such as team names with numbers or capital letters.
New York Yankees fans faced the second-highest risk, with 1,228,703 related passwords breached. New York Rangers fans ranked third overall, with 1,100,572 passwords compromised.
The New York Giants ranked 11th with 837,131 breached passwords, while the New York Jets were 19th with 652,100. The New York Knicks placed 16th with 709,722, and the Brooklyn Nets were 28th with 533,899. The New York Mets ranked 20th with 650,911 breaches.
The New York Islanders came in 24th with 587,111 passwords hacked. Two Los Angeles teams also ranked in the top 20: the Angels with 910,707 and the Lakers with 708,193. Overall, the Carolina Panthers topped the list with 1,307,926 breaches.
teams had the highest average breaches per team at 379,447, followed by the NBA at 343,985 and MLB at 335,251. NHL teams averaged 304,420 breaches. Fans of one NFL team had the lowest risk, with 31,444 passwords breached.
“Using a sports team or place as a password is risky because it’s about predictability; the more commonly used, the easier a password is to guess at scale.”
Cybersecurity expert James Bore stated that popular teams lead to predictable passwords, making them easier for attackers to guess. He advised using random words instead of predictable ones. The study highlighted that commonality correlates with a team's popularity.
