Nuclear codes, voicemail hacks and businesses going bust. These are some of the biggest password blunders
By Charlotte Reck, CNN
(CNN) — A 2014 security report resurfaced this week showing that the password for the server managing the CCTV network at the Louvre – Paris’ art museum which suffered immense financial loss after a heist team successfully targeted historical jewels last month – was, in fact, just “LOUVRE.”
But predictable passwords like these are concerningly common.
Logging into social media accounts, shopping apps and subscriber platforms can be a laborious task that leaves many launching devices across the room in frustration and asking why it’s necessary to hire a crack team just to access a personal account.
Perhaps it’s time to consider the demand for 16-character combinations of letters, numbers and symbols to be more method than madness, and learn from the mistakes of the weak-password-makers who’ve gone before.
Here are some examples of technological mishaps and infamous faux pas(swords):
Colonial Pipeline blunder:
In May 2021, one of the largest fuel pipeline systems in the United States was paralyzed when a cyberattack brought operations to an abrupt halt. At the time, the FBI said the hackers responsible belonged to criminal group Darkside, believed to be based in Russia.
Colonial Pipeline said its network had been accessed via a compromised password that was linked to a disused virtual private networking account used for remote access. The account was not guarded by an extra layer of security known as multi-factor authentication.
It is unclear how the attackers obtained the compromised credential. But the company claimed the password in question was not easily guessable, with CEO Joseph Blount telling a US Senate committee in June 2021: “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.” The shutdown remained in place until the company complied with a ransom demand, paying $4.4 million to end the attack.
By the following year, the FBI had recovered millions of dollars extorted from Colonial Pipeline by Darkside.
Zero chance forgetting the nuclear launch code:
According to Bruce Blair, a former Air Force launch officer and nuclear policy expert, between 1962 and the mid-1970s the most powerful digits on the globe were simple – eight zeros.
In a twist as absurd as Peter Sellers’ president declaring the War Room a place where gentlemen must not fight in Stanley Kubrick’s 1964 dark comedy “Dr. Strangelove,” Blair claimed just eight zeros separated the US from launching a nuclear attack.
Blair said a “two-man-rule,” which required two qualified crew members to be present at the location of the launch code, was considered the primary human safeguard, but the measure wasn’t always reliable. According to Blair, the two members on shift would often organize alternative sleeping rotas that left just one individual with a straightforward password and all the power.
Eventually, the Strategic Air Command amended the system to include a unique enable code that transmitted to the launch crew from a higher authority. The change added further security steps to the process and, as Blair said, “It no longer sufficed just to flip one switch.”
The nuclear expert’s shocking revelation came decades after it was decided that solely punching in eight zeros might be a little lax when it comes to initiating nuclear war.
A 158-year-old business tanked by hackers:
Hundreds of jobs were lost when an unsuspecting transport company in eastern England was toppled by a hacking gang, British media reported.
Northamptonshire business KNP was targeted in June 2023 by Akira, a group of hackers who gained access to the company’s system by guessing the password of an employee. Once inside, the hackers encrypted KNP’s data and locked its internal systems before demanding a ransom.
Because the company was unable to make the payment, its data was lost, and the 158-year-old business went under.
KNP’s director Paul Abbott admitted he never told the employee with the weak password that it was their information that was compromised and likely led to the company’s demise. “Would you want to know if it was you?” Abbott told the BBC.
Phone hacking scandal:
Hugh Grant, Prince Harry and Sienna Miller were among the stars who fell victim to phone hacking during a scandal perpetrated by British tabloids that spanned several years.
Formal inquiries began after complaints that personal information shared only in private realms was routinely exposed on the front pages of national newspapers, causing distress and compromising the safety of those targeted.
Investigations found the voicemails of public figures were hacked by journalists and private investigators hired by publications who worked on the assumption that few people changed the default voicemail access code their handset came with. Simple combinations like 1111, 4444 and 1234 were used to gain access to the messages waiting in the inbox.
The United Kingdom’s phone-hacking scandal led to the closure of the News Of The World in 2011, followed by an inquiry into the practices and ethics of the British press.
A one-time hacker now an opposition party leader:
As head of the opposition, the UK’s Conservative Party leader Kemi Badenoch spends a lot of time critiquing the current British government. But her record isn’t squeaky clean.
Back in 2018, the politician confessed to hacking the official website of Labour peer Harriet Harman a decade earlier and changing the content to be pro-Conservative.
But this was no mastermind crime – the password required to edit Harman’s website was, indeed, “Harriet Harman.”
Badenoch, who was not a lawmaker at the time of the hack, has since apologized for what she called a “foolish prank.”
Personal data of millions of UK voters vulnerable:
From August 2021 through to 2022, cyber attackers gained access to computers containing Electoral Registers – lists of names and addresses of millions of voters across the UK, the country’s data privacy watchdog discovered.
An investigation by the Information Commissioner’s Office (ICO) said hackers accessed the system by imitating a legitimate user account. The ICO determined this was possible because appropriate security measures were consistently missed.
Software designed to fix security holes was not installed, and the company failed to enforce a policy that ensured employees used secure passwords. During inquiries, the ICO found 178 active email accounts using passwords identical or similar to those set by the organization’s IT desk when the account was activated.
The Electoral Commission was formally reprimanded for their negligence. No evidence of data misuse was reported.
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.