A new study warns that millions of sports fans across the United States may be putting their online accounts at risk by using passwords tied to their favorite teams, with Dallas Cowboys supporters among the most vulnerable.
The research, conducted by Duelbits ahead of World Password Day on May 7, analyzed compromised password data linked to 124 teams across the NFL, NBA, MLB, and NHL. It found that 42,260,852 passwords connected to team-related terms have been exposed in data breaches.
Among those, Cowboys fans ranked fourth nationwide for password vulnerability, with 1,087,544 breached passwords tied to variations such as “dallascowboys,” “dallascowboys1” and “cowboys.”
Texas teams featured prominently in the rankings. The Dallas Stars ranked 18th with 652,100 compromised passwords, followed by the Dallas Mavericks in 21st place with 650,604. The Texas Rangers came in 22nd with 611,064.
Further down the list, the Houston Rockets ranked 44th with 318,741 breached passwords, while the Houston Astros placed 46th with 297,428. The Houston Texans were 53rd with 271,347, and the San Antonio Spurs ranked 107th, among the least affected, with 88,220.
The study identified fans of the Carolina Panthers as the most at risk, with 1,307,926 compromised passwords. The New York Yankees and New York Rangers followed, while the Indianapolis Colts had the fewest breaches, at 31,444.
Cybersecurity expert James Bore cautioned that using familiar or popular terms — such as sports teams — makes passwords easier for attackers to guess.
“Using a sports team or place as a password is risky because it’s about predictability; the more commonly used, the easier a password is to guess at scale. If I use the password ‘dallas’, it’s likely to be used by a lot more people than just me, meaning when password breaches show up, it’ll be in the common list, and attackers will try it,” Bore said.
Bore added that “Sports teams are not only popular with other people, but someone who has a favourite team that they’ll use as a password are likely to make it obvious for attackers. With places, the commonality of use as a password will directly correlate to population and popularity. If a place is large and famous, a lot more people will use it as a password.”
Bore also emphasized the importance of avoiding predictable patterns when creating passwords.
“We have so many passwords to remember, and the advice that’s often given out about using random characters and special symbols makes for very hard-to-remember passwords. The use of multiple words is a good idea, but you want them to be random words rather than predictable.”
The findings highlight how widely used, easy-to-guess passwords continue to expose users to cyber threats, particularly when tied to popular teams or locations.
