Easily guessed passwords are boosting the risk of a data breach for retailers

My Nguyen

12th Aug 2025

Data breaches are on the rise this year, and in many cases, weak passwords are the culprit, a report has found.

A study by NordPass has revealed bad password habits used by businesses that increase vulnerability to cyberattacks, and recommends choosing more secure passwords.

“Retail is one of the most targeted industries for cyberattacks, particularly during peak sales periods and holidays,” said Ignas Valancius, NordPass’s head of engineering.

The study also showed that passwords that are easily broken often follow simple numerical patterns, use personal names, or include brand identifiers, which are often linked to critical daily retail operations.

“Yet many businesses still rely on credentials that are either default, reused, or shockingly easy to guess. That’s a recipe for a breach.”

Login credentials, including “123456”, “P@ssw0rd”, and “email@123456”, were found being used across internal platforms, point-of-sale systems, employee accounts, and vendor access portals.

Passwords containing hints of company-specific or brand-related phrases, such as “Kabum@00” and “Amzn5452”, are often exploited by cybercriminals.

The company recommends that businesses take four steps to safeguard customers’ data and internal operations:

1. Avoid using generic or brand-related passwords.

2. Educate staff at all levels, including seasonal hires.

3. Implement a password manager for teams.

4. Use passkeys to prevent many attack vectors and help secure sensitive data.

Retailers work hard to earn customer trust. But a single compromised password can cost more than lost sales – it can lead to lasting brand damage,” said Valancius.