Hungarian government creds left in the safe hands of 'FrankLampard'

Mass of exposed logins, trivial passwords

It has been reported that investigative group Bellingcat found nearly 800 Hungarian government email-and-password pairings circulating in breach dumps, touching almost every major ministry from defence and foreign affairs to finance. Around 120 of those records allegedly belong to defence staff, with some tracing back to a 2023 breach of NATO's eLearning platform and a spike of leaks in 2021 — yet the data keeps showing up into 2026. Who guards the guardians when their credentials are reused like grocery lists?

The pictures are embarrassingly familiar. A colonel in "information security" used the password "FrankLampard." A district director had "123456aA." A senior figure linked to Hungary's NATO delegation reportedly used a password that literally translates as "cute." One entry, "linkedinlinkedin," appears to be carry‑over from the old LinkedIn breach and was apparently left in use. Reuse, laziness and basic, guessable choices did most of the heavy lifting — not a sophisticated cyberattack.

Signs of active infection, and a stark warning

Bellingcat also flagged infostealer logs tied to dozens of machines, some as recent as last month, and it has been reported that a few of those logs suggest devices may have been genuinely infected rather than merely recycled from old leaks. If true, this moves the story from negligence to active compromise — payroll fraud and account takeover are the stuff of nightmares, but you don't need zero‑days to open the door; you need only one reused password.

The Hungarian government has reportedly been warned. This is more than an IT embarrassment. When defence and NATO‑linked accounts sit alongside shopping and social media creds in breach collections, it raises uncomfortable questions about basic cyber hygiene at state level. Call it human error with national security consequences — and yes, it's a little hilarious until you remember the stakes.

Sources: The Register