-
795 government email and password combos leaked across 12 of 13 ministries in Hungary.
-
Weak passwords include “Arsenal,” “Paprika,” “snoopy,” and even an insult.
-
Breaches stem from staff using work emails on dating, music, and sports sites.
A new investigation by open-source group Bellingcat found 795 unique email and password combinations linked to 12 out of 13 Hungarian government ministries.
Of all the leaked credentials, roughly 641 are tied to just four main government bodies, the Ministry of Interior, the Ministry of Defence, the Ministry of Foreign Affairs and Trade, and the Ministry of National Economy.
Details of the Data Breach
Staff members used their government email addresses to sign up for third-party sites. We’re talking dating apps, music platforms, sports forums, and food websites. They also used simple, guessable passwords.
When those outside services got breached, the login info spilled online. In many cases, phone numbers, addresses, birth dates, usernames, and IP addresses leaked too.
Some of the exposed data includes confidential information of military personnel and civil servants posted abroad. Bellingcat lists specific affected roles: a senior military officer in charge of information security, a counter-terrorism coordinator in the foreign affairs department, and an employee whose job was to identify hybrid threats against Hungary.
Weak Passwords and Poor Security Choices
The passwords themselves are almost funny if they weren’t so risky.
- A colonel specializing in “information security” used “FrankLampard” – yes, the English football manager.
- A district director picked “123456aA”.
- A senior member of “Hungary’s NATO” delegation used a password that translates to “cute”.
- A brigadier general used a six-letter nickname based on his own name for a film festival signup.
The Ministry of Interior had 170 exposed combos. Employees there used passwords like “Arsenal” and “Paprika”. The Ministry of Defence had 120 compromised records. That includes a 2023 breach of NATO’s eLearning services, which exposed emails, passwords, and phone numbers.
The Foreign Affairs Ministry (107 combos) saw passwords like “porsche911”, “frogger”, and “Batman2013”. A deputy state secretary used “snoopy”. Others used their birth dates or the Hungarian word that represents “password” – “Jelszo”.
A Senior Advisor Hit Four Times
One senior advisor now working for the Ministry of National Economy (99 staff breaches) got hit four times. They used four different passwords. One of them was offensive: “Kurvaanyad1” a Hungarian phrase that insults someone’s mother.
The breaches became more severe in 2021. But records kept surfacing through 2026. Worse, stealer logs suggest that machines inside affected departments may have also caught the infection. A search of breach databases found 97 compromised machines across Hungarian government departments. That points to a much more recent event.
Election Timing and the Implication of the Leak
Bellingcat released its findings right before Hungary’s parliamentary election on Sunday, an election that will determine whether Prime Minister Viktor Orbán holds onto power after more than a decade in office.
Now, with hundreds of state secrets suddenly out there, the big question is: what does this do to the government? It erodes public trust at the worst possible moment. People will be wondering: if government officials can’t protect their own email passwords, some using ridiculously easy passwords, how then can they protect state secrets or national security?
News such as military officers, counter-terrorism staff, and NATO delegation members using weak, guessable passwords on dating and food sites is gold for opposition parties.
Opposition parties may interpret this as evidence of poor management by government authorities. While there was no actual external influence, there is a loss of voter trust resulting from poor security safeguards.
In a competitive race, such a reduction in trust could provide the difference between the winning candidate and their closest competitor.
The scale of credential exposure is staggering globally, a breach of 149 million passwords recently highlighted how widespread weak password practices are, affecting everyone from government officials to ordinary citizens, and underscoring the urgent need for better password hygiene and multi-factor authentication across all sectors.
