Thailand's cybersecurity authority has warned that weak and reused passwords remain one of the biggest gateways to modern cyber-attacks, with leaked login credentials increasingly being exploited to gain access to mobile banking accounts, corporate systems and users' broader digital identities.
National Cyber Security Agency (NCSA) secretary-general AVM Amorn Chomchoey delivered the warning during the recent Fortinet Accelerate 26 APAC – Thailand Edition Fast Forward Edition, where he outlined the country's evolving cyber-threat landscape and revealed statistics on the "Top 20 Most Used Passwords in Thailand".
The findings showed that many Thai users continue to rely on easily guessable passwords such as "123456", "12345678", "1234", "password" and "admin", underscoring persistent weaknesses in basic cybersecurity practices.
AVM Amorn said credential leaks, involving stolen usernames and passwords, remain among the primary causes of cyber-attacks worldwide, particularly as cybercriminals increasingly target user accounts rather than attempting technically sophisticated system intrusions.
"Hackers today often do not need advanced techniques to penetrate systems," he said. "If they can obtain leaked credentials or easily guessed passwords, they may immediately gain access to email accounts, enterprise systems, mobile banking platforms, cloud storage services and other critical digital assets."
He warned that password reuse across multiple services significantly increases the risk of so-called "credential stuffing" attacks, in which cybercriminals use previously leaked usernames and passwords to automatically attempt logins across various online platforms.
According to the NCSA, compromised account credentials are widely traded on the dark web, sometimes for only a few dozen baht, yet can lead to extensive damage.
Such breaches may result in identity theft, unauthorised access to personal data, hijacked social media accounts, online fraud targeting victims' contacts, and even cyber-intrusions into corporate networks or critical national infrastructure.
AVM Amorn said many large-scale data breaches are no longer driven solely by highly sophisticated attacks, but increasingly stem from unsafe online behaviour by users themselves.
Common risks include weak passwords, repeated password usage, accessing insecure websites and falling victim to phishing scams that trick users into entering sensitive information on fraudulent sites.
"Cyberthreats today increasingly begin with human behaviour," he said.
"Building cyberhygiene and cyber-awareness is now just as important as investing in security technologies. A single click on a malicious link or reuse of a password may become the entry point for attackers to access an individual's entire digital life."
The NCSA urged both individuals and organisations to strengthen account security by adopting stronger and longer passwords, avoiding password reuse, enabling multi-factor authentication, exercising caution when clicking suspicious links, and changing passwords immediately if a data leak is suspected.
The agency also encouraged the public to check whether their email addresses or accounts have previously appeared in leaked databases via "Have I Been Pwned", an internationally recognised breach notification platform that allows users to verify whether their credentials were exposed in past data breaches.
"In the digital world, weak passwords may not make life easier. They may simply make it easier for criminals to access our data, finances and identities," AVM Amorn said.