The Link Between the Champions League and Cyber-Attacks

Written by

We all love to cheer for our favorite football team, especially as the Champions League kicks off its 66th season. Unfortunately, this dedication can leave you vulnerable to cyber-attacks as football fans in your organization choose passwords that relate directly to their favorite club. Recent data from Specops Software shows the most common Champion Leagues clubs found in breached passwords.

Breached Passwords: A Major Cyber Security Risk

Stolen credentials are responsible for 80% of hacking-related breaches according to Verizon’s Data Breach Investigations Report.

Large datasets are easily accessible on the dark web, which hackers use for brute-force attacks such as credential stuffing (pairing breached usernames and passwords against a login process) and password spraying (using large lists of breached passwords or dictionaries to gain access by matching the password with a user account).

Not knowing whether these passwords already exist and neglecting measures to block them from being created in your organization effectively leaves the doors open and positions yourselves at a high risk of becoming another statistic of data breaches at the hands of cybercriminals.

Champions League Clubs in Breached Password Lists: The Results

800 million compromised passwords from known sources and recent attacks were used in this analysis, a subset of Specops’ full database of over 2.5 billion passwords.

The results show Italian club Milan come out on top, appearing over 100,000 times, followed by Chelsea, Liverpool, Porto and French club Lille concluding the top 5.

Ranking of the most popular European clubs in the compromised password analysis:

  1. Milan
  2. Chelsea
  3. Liverpool
  4. Porto
  5. Lille
  6. Barcelona
  7. Juventus
  8. Real Madrid
  9. Benfica
  10. Sevilla
  11. Sporting
  12. Brugge
  13. Villareal
  14. Manchester United
  15. Inter Milan
  16. Atalanta
  17. Wolfsburg
  18. Bayern Munich
  19. Manchester City
  20. Young Boys Bern

In addition to the official club names, many of these clubs also have nicknames that resonate with their fans and widens the attack surface for system administrators to protect.

In this analysis, we find City at the top of the ranking with 225,000 mentions. Not far behind with 205,000 comes Paris Saint Germain, echoing the rivalry between the two clubs owned by the United Arab Emirates and Qatar. Next, Liverpool and Chelsea followed by Bayern Munich, concluding the top 5.

Football clubs by their nickname:

  1. City (Manchester City)
  2. PSG (Paris Saint Germain)
  3. Reds (Liverpool)
  4. Blues (Chelsea)
  5. Bayern (Bayern Munich)
  6. La Dea (Atalanta)
  7. Indios (Atlético Madrid)
  8. Blancos (Real Madrid)
  9. Rossoneri (AC Milan)
  10. Blaugrana (Barcelona)
  11. Dragoes (Porto)
  12. Bianconeri (Juventus)
  13. Dogues (Lille)
  14. Nerazzurri (Intermilan)
  15. Wölfe (Wölfsburg)
  16. Blauwzwart (Brugge)
  17. Red Devils (Manchester)
  18. Kara Kartallar (Beşiktaş)
  19. Godenzonen (Ajax Amsterdam)
  20. Submarino Armarillo (Villareal)


Users have been setting both personal and memorable terms such as football club names for their passwords since their inception, and there is no surprise that it continues to this day.

Passwords won’t be going away anytime soon. As cyber-attacks become more prevalent and sophisticated, ensuring confidence in your first line of defense to thwart them should be prioritized within any organization’s cyber-defense strategy.

We only need to look recently at the crippling impact of the attack on the US Colonial Pipeline due to compromised VPN passwords and the 500,00 Fortinet leaked VPN passwords now leaked to the dark web to see how serious this threat is.

What to do next

Enforce a strong password policy.

The Active Directory password is the weakest link in a Windows network, and enforcing a strong password policy in your organization should be a multi-faceted approach.

Look at password length and complexity, block common character types at the start and end and block consecutively repeated characters automatically. To make password creation easier, encourage users to create passphrases. To address the issue of favorite football clubs appearing in passwords, you should block compromised passwords through a service that is continuously updated with breached passwords from live attacks. You should also create customer password dictionaries to block common words relevant to your organization, such as name, location, services, acronyms and other local sports teams.

Two-Factor Authentication (2FA) & Multi-Factor Authentication (MFA)

It’s a good idea to employ two-factor authentication (2FA) as an additional layer of security, which provides that extra assurance the user is who they claim to be.

2FA, however, can still be exploited in sophisticated attacks and could become a hindrance, for example, if the authentication is through a mobile device that isn’t at hand.

MFA overcomes this limitation. It can be used to ensure that authentication is successful, and it can mitigate the risk of impersonation further to strengthen the defense against attack.

Find Breached Passwords in Use in Your Organization Today

The HaveIBeenPwned (HIBP) service provides a valuable source of breached passwords, housing to date over 613 million compromised passwords. Last updated in November 2020, the HIBP database can be freely downloaded to search for breached password use in your organization.

Alternatively, use this popular free Password Auditor tool and automate the process, using an updated list of over 750 million compromised passwords. Then, eliminate the need for manual effort and scripting and analyze your results in an interactive dashboard — you’ll be surprised what you may find.

What’s hot on Infosecurity Magazine?