Security Hungarian government creds left in the safe hands of 'FrankLampard' Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts Carly Page Sat 11 Apr 2026 // 08:30 UTC Hungary's government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance. This doesn't look like anyone breaking in so much as people making it easy. Weak passwords, reused in places they shouldn't be, and eventually ending up where they always do. The defense department data is worth examining on its own. Bellingcat puts the number at around 120 compromised records tied to defense staff, including fallout from a 2023 breach of NATO's eLearning platform that exposed emails, passwords, and phone numbers. Most of it traces back to a spike in 2021, but data keeps showing up into 2026, and some of the stealer logs suggest a few of those machines may have been genuinely infected, not just caught up in old leaks. Then there are the passwords. A colonel working in "information security" used "FrankLampard," apparently deciding that a former England footballer was as good a guardian of state secrets as any. A district director had "123456aA," while another senior figure tied to Hungary's NATO delegation used a password that translates to "cute" in English. There was more in the same vein. A brigadier general used a short nickname based on his own name to sign up for a film festival. Elsewhere, it's the usual mix of names, simple patterns, and things that look like they were typed once and never revisited. One example highlighted in the report, "linkedinlinkedin," appears to have been swept up in the old LinkedIn data breach and then seemingly kept in service anyway, which is one way to stay consistent if nothing else. Every day in every way, passwords are getting worse and worse You probably can't trust your password manager if it's compromised Payroll pirates are conning help desks to steal workers' identities and redirect paychecks LastPass hammered with £1.2M fine for 2022 breach fiasco According to the analysis, officials were using their government email addresses to sign up for all sorts of third-party services, then reusing the same passwords across them. Once those sites were breached, the credentials ended up in the usual places. Bellingcat also found infostealer logs tied to dozens of machines, some from as recently as last month. That points to something more recent than old breach data doing the rounds, with signs that at least some devices may have been compromised more actively. The Hungarian government has been given a stark warning. When credentials tied to core state functions end up bundled in breach collections alongside everyone else's compromised shopping and social media accounts, it raises uncomfortable questions about how seriously basic security hygiene is being taken. None of this required sophisticated tooling or zero-days. Just a few bad passwords, a bit of reuse, and the internet doing what it does best: remembering everything. ® Share More about Hungary Password Security More like these × More about Hungary Password Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Common Vulnerability Scoring System Credential stuffing Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection ESA Exploit Firewall Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security Kenna Security LastPass NCSAM NCSC Palo Alto Networks Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Vulnerability Wannacry Zero trust Broader topics EMEA Europe European Union More about Share POST A COMMENT More about Hungary Password Security More like these × More about Hungary Password Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Common Vulnerability Scoring System Credential stuffing Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection ESA Exploit Firewall Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security Kenna Security LastPass NCSAM NCSC Palo Alto Networks Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Vulnerability Wannacry Zero trust Broader topics EMEA Europe European Union TIP US OFF Send us news