Millions of people in the UK expect accounts to be hacked

More than a third of people in the UK believe that losing money or personal information over the internet is now unavoidable

More than a third of people in the UK believe that losing money or personal information over the internet is now “unavoidable”, a survey has found, in a further sign of growing public concern about online privacy.

The research, carried out by Britain’s National Cyber Security Centre, part of digital intelligence agency GCHQ, also revealed that 70 per cent of the public believe they will be a victim of cyber crime in the next two years.

The findings come as business leaders and tech companies are under growing pressure from regulators in Europe and the US to tighten security and improve their standards for handling personal data.

Last week, Facebook admitted that it unintentionally uploaded the email contacts of up to 1.5m people, in the latest privacy setback to hit the Silicon Valley company since the Cambridge Analytica scandal in which the data of 87m users was improperly accessed by a third party. Facebook said the contacts were not shared and were now being deleted.


Research published last year by Gemalto, the security consultancy, showed 3.3bn data records had been compromised in the first six months of 2018, a 72 per cent increase on the same period in 2017.

But while tech companies and businesses face calls to tighten their data handling processes, the NCSC said individuals also needed to do more to protect their personal online information, highlighting the need for people to choose better passwords.

On Sunday, to coincide with the release of the survey, the NCSC published a list of the 100,000 most commonly breached passwords worldwide, compiled in collaboration with Troy Hunt, a cyber security specialist, whose website Have I Been Pwned, enables users to search if their email has been hacked.

The most commonly hacked password is “123456”, the analysis concluded, with 23.2m accounts breached. But the data also revealed how millions of people were using their first names, favourite football teams and bands to protect their accounts, making it much easier for cyber attackers to gain access.

Bad passwords

Ashley was the most commonly breached name with more than 430,000 compromises. Liverpool came top of the league for bad football-related passwords with more than 280,000 compromises, while accounts using the password Chelsea were close behind in second place with more than 216,000 breaches. Accounts using the name of US rock band Blink182 as a password were breached 285,000 times.

Cyber security officials urged people to read the list and change their passwords if they saw their existing one was among the 100,000 being published.

Ian Levy, technical director for the NCSC, said: "Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band."

The NCSC stressed that the password information had not been collected by GCHQ but was already publicly available because it had been sold or shared by hackers online. Cyber security officials said criminals regularly used lists of breached passwords to try and gain access to people’s online profiles.

David Lidington, the minister responsible for cyber security in the UK, emphasised the growing threat the UK faced from cyber attacks, adding that the survey's findings "underlined the importance of using strong passwords at home and at work".

- Copyright The Financial Times Limited 2019