Online shoppers are advised to be cautious when creating new accounts and changing their passwords during the festive season.

The warning comes as Intercede’s Password Breach Database surpasses 11-billion worldwide records – equating to more than one breached credential for every person on Earth.

The company advises that the top 10 most breached accounts with Christmas-related passwords are:

  • snowball
  • christmas
  • snowman
  • snowflake
  • snowball1
  • christmas1
  • snowman1
  • Christmas
  • Snowball
  • Santa

Other seasonal passwords that rank highly in the database include: candycane, santaclaus, gingerbread, xmas, merrychristmas, mistletoe, presents and nativity.

James Westgate, acting chief technology officer at Intercede, says: “This time of year many people are creating new accounts and changing passwords as they shop online, often using the same memorable festive word to make life easier during what can be a stressful time. By choosing these types of passwords it can make all a cybercriminal’s Christmases come at once and ruin yours.”

However, the password problem is not restricted to Christmas. In just two years, the number of breached records held within Intercede’s Password Breach Database (the largest of its type in the world) has doubled. In September 2024, the National Institute of Standards and Technology (NIST) updated its guidelines, recommending passwords should be a minimum of 15 characters and as many as 64 characters.

Westgate comments: “The length of passwords has changed very little in the past 10 years, remaining at around eight characters. As our top 10 highlights, people will often choose convenience over complexity. By taking simple steps such as having a different password for each account, making them longer, avoiding obvious words and not sharing them with others, you will have the best chance of protecting not only yourself but the businesses you buy from. This can be made simpler by taking advantage of strong password recommendations within browsers and using one of the many password managers available.”