Hungarian government creds left in the safe hands of 'FrankLampard'
Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts
Hungary's government has discovered the hard way that the biggest threat to national security might just be its own password choices.
An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance.
This doesn't look like anyone breaking in so much as people making it easy. Weak passwords, reused in places they shouldn't be, and eventually ending up where they always do.
REG AD
The defense department data is worth examining on its own. Bellingcat puts the number at around 120 compromised records tied to defense staff, including fallout from a 2023 breach of NATO's eLearning platform that exposed emails, passwords, and phone numbers. Most of it traces back to a spike in 2021, but data keeps showing up into 2026, and some of the stealer logs suggest a few of those machines may have been genuinely infected, not just caught up in old leaks.
REG AD
Then there are the passwords. A colonel working in "information security" used "FrankLampard," apparently deciding that a former England footballer was as good a guardian of state secrets as any. A district director had "123456aA," while another senior figure tied to Hungary's NATO delegation used a password that translates to "cute" in English.
There was more in the same vein. A brigadier general used a short nickname based on his own name to sign up for a film festival. Elsewhere, it's the usual mix of names, simple patterns, and things that look like they were typed once and never revisited.
One example highlighted in the report, "linkedinlinkedin," appears to have been swept up in the old LinkedIn data breach and then seemingly kept in service anyway, which is one way to stay consistent if nothing else.
According to the analysis, officials were using their government email addresses to sign up for all sorts of third-party services, then reusing the same passwords across them. Once those sites were breached, the credentials ended up in the usual places.
Bellingcat also found infostealer logs tied to dozens of machines, some from as recently as last month. That points to something more recent than old breach data doing the rounds, with signs that at least some devices may have been compromised more actively.
The Hungarian government has been given a stark warning. When credentials tied to core state functions end up bundled in breach collections alongside everyone else's compromised shopping and social media accounts, it raises uncomfortable questions about how seriously basic security hygiene is being taken.
None of this required sophisticated tooling or zero-days. Just a few bad passwords, a bit of reuse, and the internet doing what it does best: remembering everything. ®