Passwords with ‘Taylor Swift’ or ‘Bad Bunny’ at risk

Passwords with ‘Taylor Swift’ or ‘Bad Bunny’ at risk

Passwords continue to be an element of friction in computer security, as they require the use of a hard-to-crack and easy-to-remember keyword. This process pushes many to use loose ideas based on tastes and preferences, but cybercrime and its ability to access accounts through ‘social engineering’, caused hundreds of thousands of accounts associated with ‘Taylor Swift’ or ‘Bad Bunny’ to be highly vulnerable in 2022.


A recent SpyCloud report exposes a high level of passwords exposed in various leaks showing how users are betting on elements of popular culture to ‘harden’ their security. Specifically, the report highlights the recovery of 327 thousand passwords associated with Taylor Swift and Bad Bunny.

According to the research firm, there are. “consider that many people are obsessed with music and celebrities, so it should come as no surprise that we see the most popular artists on the 2022 list, and the ones who have dominated this collection are Taylor Swift and Bad Bunny.”

Note that this not only affects accounts that use the words ‘Taylor’, ‘Swift’, ‘Bad’ or ‘Bunny’ as passwords, but also variables identified in the torrent of information leaks. Among the most frequent are also ‘swiftie’ or ‘midnights’ – the name of her most recent album, which brought in more than 230 million dollars in revenue last year – while Benito inspired keywords such as ‘summer’ or ‘titi’. The popular American singer inspired 186 thousand filtered accounts, while the Latin artist had an impact on 141 thousand credentials.

Other popular culture events detected in SpyCloud’s report were streaming services – ‘YouTube’, ‘Netflix’ or ‘Hulu’ as keywords in 261 thousand accounts -, the death of Queen Isabell II – 167 thousand credentials with ‘queen’, ‘royal family’ or ‘queen elizabeth’ -, the acquisition of Twitter by Elon Musk – up to 74 thousand under ‘twitter’ or ‘elon musk’ – Ukraine, Donald Trump and other events that marked 2022.

This data was obtained from among the 721 million credentials exposed in more than 1300 breaches over the past year. What is interesting about the case is the 72% of users who were affected by these leaks using passwords previously exposed in other breaches.

A large portion of those affected, according to the report, had multi-factor authentication, or MFA, disabled, which adds a dynamic PIN or second validation step via SMS, email, third-party app or notification to devices associated with the account.

“The widespread use of information stealers is a dangerous trend because these attacks open the door to bad actors such as early access brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals.” Trevor Hilligoss, director of security research at SpyCloud, mentioned to media. “Information thieves are easy to contact, cheap and scalable, and create a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This ‘broker-operator’ partnership is a lucrative business with a relatively low cost of entry.”

Daniel Chapman