Authentication Story Index

We have created this chronological index of the stories related to passwords or authentication. You'll find the details of computer crimes, chronicles of events that drove corporate authentication change, and even tales of amusing incidents. While this index is not a comprehensive account of incidents, we have tried to select a sample that represents the different risks and practices related to authentication.

We have summarized this information for you after investigating reports from news sources, public records, or first-hand accounts.

If you have an appropriate story to add, please send us a copy along with details on its source to

Story Index

35% of IRS employees fell for password social engineering tests
Date: March 15 2005 - Location: Washington D.C. USA

Stolen customer passwords lead to theft of 32,000 records at LexisNexis
Date: March 9 2005 - Location: Dayton OH USA

Paris's password reset question proves to be a poor choice
Date: February 19 2005 - Location: USA

University students suffer offensive email originating from an account with a shared password
Date: January 16 2005 - Location: Fredericksburg VA USA

The inmate is hacking the asylum
Date: January 2005 - Location: Greeley CO USA

Student uses stolen password to alter attendance records at Texas high school
Date: January 2005 - Location: Tyler TX USA

Employee used bosses' passwords to steal $16.8 million for gambling
Date: January 2005 - Location: London England

Plaintext passwords on public networks pose a risky practice
Date: January 2005 - Location: USA

PharmaCare grants access to prescription history using questionable authentication
Date: January 2005 - Location: Boston MA USA

Man steals online banking password from coworker's office mail
Date: December 2004 - Location: Pune India

Brother of slain soldier struggles with Hotmail to gain access to the deceased's email
Date: December 2004 - Location: Ramsey MN USA

Detection of keystroke logging software leads to conviction of hacker
Date: December 2004 - Location: Tempe AZ USA

Users deal with increasing password burdens by writing them down
Date: December 2004 - Location: USA

Cahoot's Internet banking application allows customers to view each other's account info with only a username
Date: November 4 2004 - Location: UK

Keystroke capturing software used in Internet café leads to theft from online banking account
Date: November 2004 - Location: Mitaka Japan

False comments are attributed to political candidates after someone steals their Web site password
Date: October 21 2004 - Location: Finland

Purdue University students asked to change passwords after second incident in past two years
Date: October 18 2004 - Location: West Lafayette IN USA

High school student guesses teacher's password and changes grades
Date: October 2004 - Location: Marana AZ USA

Students steal passwords to change grades and gain access to records of 75,000 others
Date: October 2004 - Location: Elk Grove CA USA

Online message forum exposes passwords for Florida child welfare system
Date: September 28 2004 - Location: Wildwood FL USA

Hopes of Half Life 2 gaming fans are dashed by fake message post
Date: August 27 2004 - Location: USA

Woman loses $35,000 when purse thief guesses her bank card PIN
Date: April 24 2004 - Location: Inuyama Aichi Japan

$10,000 stolen from bank account after malware steals account number and password
Date: April 2004 - Location: Sydney Australia

Woman seeks revenge on ex-boyfriend by deleting data using his password
Date: April 2004 - Location: Takaoka Japan

Several thousand UMKC students must change passwords after hacker steals password file
Date: January 11 2004 - Location: Kansas City MO USA

Supervisor's password used to steal at least $50,000 from casino
Date: December 2003 - Location: Louisiana USA

Poorly chosen password reminders expose B&Q store customers to unauthorized purchases
Date: November 2003 - Location: United Kingdom

Many West Australia government agencies fail to implement adequate password security
Date: November 2003 - Location: West Australia Australia

Programmer deletes data and changes administrative password of employer who was canceling his contract
Date: September 17 2003 - Location: Gloucester MA USA

Badtrans Internet worm logs password keystrokes and attempts to email the log to its creator
Date: September 2003 - Location:

Man embezzles AUS $302,000 when entrusted with both passwords of accounting system
Date: August 2003 - Location: Waverley Australia

American Express reduces potential credit card PINs from 10,000 to 366
Date: August 2003 - Location: USA

Criminal uses vice president's password at former employer to access confidential data
Date: August 2003 - Location: Shrewsbury MA USA

Neal Cotton pleads guilty to deleting former employer's data after getting fired
Date: April 3 2003 - Location: New York City NY USA

Man pleads guilty to using fake ID for VeriSign to change Al-Jazeera domain management password
Date: March 24 2003 - Location: Norco CA USA

Default voicemail password leads to $8,600 phone bill
Date: March 10 2003 - Location: Lancaster PA USA

Brute force social security number guessing attack launched against University of Texas database
Date: March 2 2003 - Location: Austin TX USA

Australian Internet users receive forged message from bank to submit their account number and password via Web page
Date: March 2003 - Location: Australia

Company's failure to disable account of former employee cripples prosecutors in charging him with "unauthorized" access
Date: January 2003 - Location: Queensland Australia

AOL software flaw allows email account access without a password
Date: January 2003 - Location: USA

Australian ATM card skimming and PIN capture results in $623,000 theft
Date: 2003 - Location: Sydney Australia

Hackers take over AOL accounts by mumbling to customer service
Date: 2003 - Location: USA

Hackers obtained access to AOL customer database using trojans and social engineering
Date: 2003 - Location: USA

Administrator password exposed in public URL for over six months
Date: 2003 - Location: Minneapolis MN USA

AT&T forgives outstanding customer telephone bills related to voice mail message fraud, implements new authentication procedure
Date: 2003 - Location: USA

Kansas Health and Environment Department faces serious password related security problems
Date: 2003 - Location: Topeka KS USA

British Telecom Openworld admits to giving out customer passwords before verifying identities
Date: August 2002 - Location: United Kingdom

Ziff Davis Media must pay $125,000 for failing to restrict access to customer personal information
Date: August 2002 - Location: NY USA

A profane computer generated password is sent to an insurance company customer
Date: July 2002 - Location: Norway

Teenager uses adult's password to make $3.53 million in eBay bids
Date: May 24 2002 - Location: OH USA

Boston College student uses keystroke capturing software to capture passwords, credit card numbers, and other personal information
Date: April 2002 - Location: Boston MA USA

Adrian Lamo convicted for gaining unauthorized access to New York Times
Date: February 2002 - Location: New York NY USA

Easy access to passwords by employee leads to largest identity theft fraud in U.S.
Date: 2002 - Location: New York NY USA

A bank's failure to disable former employee accounts allowed them to retain network access after a layoff
Date: 2001 (or prior) - Location:

British Telecom Cellnet Web site offers poor password advice to customers
Date: September 2001 - Location: United Kingdom

Executives acquire passwords to a competitor's online catalog to gain competitive intelligence
Date: 2001 - Location: San Francisco CA USA

Manipulated login software aids an attacker in capturing more than 1,500 passwords at University of Michigan
Date: April 25 1999 - Location: Ann Arbor MI USA

Andrew Miffleton sentenced to 21 months imprisonment for stealing and using Verio passwords
Date: February 1999 - Location: Arlington TX USA

Jerome Heckenkamp pleads guilty to crimes involving the unauthorized use of captured usernames and passwords at eBay and Qualcomm
Date: 1999 - Location: CA USA

Patrick Gregory used stolen conference call PINs and computer passwords to carry out his crimes
Date: 1999 - Location: Houston TX USA

finds some customers use same ID and password on both a competitor's and their Web sites
Date: 1999 - Location: ID USA

Ikenna Iffih installs password sniffer on NASA computer
Date: 1999 - Location: Boston MA USA