New York sports fans might want to switch up their passwords.
A new study from Duelbits revealed that millions of sports fans across America are at risk of being hacked due to passwords that are related to their favorite teams — and New York sports fans are some of the most likely to be victims, with six out of 10 New York-based teams making the top 20.
The research used compromised password data to discover how many times passwords for several terms related to the 124 teams across the MLB, NBA, NHL and NFL have been exposed.
An astonishing 42,260,852 passwords linked to sports teams have been compromised in data breaches, and Yankees and Rangers fans were some of the most compromised.
The study found that New York Yankees fans were the second most at risk of a password breach. A whopping 1,228,703 passwords related to the team were found in data breaches.
The research looked for password variations that have been compromised in breaches, such as “newyorkyankees,” “newyorkyankees1” and “yankees,” with many simple variations on capital letters and numbers used alongside them.
But New Yorkers whose favorite team is in another sport still are at risk: fans of the NHL have cause for concern as well.
New York Rangers were the third most at-risk of all US sports teams, with 1,100,572 related passwords breached.
The New York Islanders came in 24th place with 587,111 passwords hacked, and further down, the Buffalo Sabers were in 58th place with 246,021 compromised passwords.
The NFL’s New York Giants came 11th in the study, with 837,131 passwords compromised, while the Jets came in 19th with 652,100 breached passwords. The Buffalo Bills were in 66th place with 227,024 breaches.
Fans of the New York Knicks — who are currently in the midst of a playoff run — might want to reset their passwords, too, as they ranked 16th with 709,722 passwords breached. Across the bridge, the NBA’s Brooklyn Nets came in 28th place with 533,899 breaches.
Meanwhile, the New York Mets came in 20th place with 650,911 breaches, making it the sixth New York team to make the top 20.
Two Los Angeles teams made the top 20 as well. The MLB’s Angels took sixth place with 910,707 passwords breached, and the LA Lakers took the 17th spot with 708,193 breached passwords.
Overall, fans of the NFL’s Carolina Panthers were the most at risk, taking the top spot with 1,307,926 passwords related to the North Carolina team found in data breaches.
On the opposite end of the spectrum, fans of the NFL’s Indianapolis Colts had the lowest risk of being exposed to hackers, with just 31,444 passwords found in data breaches.
NFL fans in general are the most at risk, with an average of 379,447 passwords found in breaches per team. The NBA came in second with an average of 343,985, and the MLB was third with an average of 335,251.
NHL teams had the lowest average of password breaches, with 304,420 per team.
Sports fans should be wary about using their favorite teams in passwords, as it can easily land them in a compromised situation, cybersecurity expert James Bore warned.
“Using a sports team or place as a password is risky because it’s about predictability; the more commonly used, the easier a password is to guess at scale,” Bore told Duelbits. “If I use the password ‘newyork,’ it’s likely to be used by a lot more people than just me, meaning when password breaches show up, it’ll be in the common list, and attackers will try it.
“Sports teams are not only popular with other people, but someone who has a favorite team that they’ll use as a password are likely to make it obvious for attackers,” he explained, noting that the commonality of a password directly correlates with popularity, so if something is “large and famous,” more people are likely to use it as a password.
“We have so many passwords to remember, and the advice that’s often given out about using random characters and special symbols makes for very hard-to-remember passwords. The use of multiple words is a good idea, but you want them to be random words rather than predictable,” Bore advised.
Top 25 sports teams with highest number of password breaches
- Carolina Panthers (NFL) – 1,307,926 breaches
- New York Yankees (MLB) – 1,228,703
- New York Rangers (NHL) – 1,100,572
- Dallas Cowboys (NFL) – 1,087,544
- Carolina Hurricanes (NHL) – 947,158
- Los Angeles Angels (MLB) – 910,707
- Oklahoma City Thunder (NBA) – 905,689
- Charlotte Hornets (NBA) – 885,521
- Boston Red Sox (MLB) – 870,537
- Florida Panthers (NHL) – 839,600
- New York Giants (NFL) – 837,131
- Las Vegas Raiders (NFL) – 793,699
- Detroit Tigers (MLB) – 793,151
- Phoenix Suns (NBA) – 790,755
- Orlando Magic (NBA) – 718,255
- New York Knicks (NBA) – 709,722
- Los Angeles Lakers (NBA) – 708,193
- Dallas Stars (NHL) – 707,145
- New York Jets (NFL) – 652,100
- New York Mets (MLB) – 650,911
- Dallas Mavericks (NBA) – 650,604
- Texas Rangers (MLB) – 611,064
- Pittsburgh Steelers (NFL) – 607,443
- New York Islanders (NHL) – 587,111
- Boston Celtics (NBA) – 550,823
