Your password is probably hacker bait.
Internet security researchers have found that 19 billion passwords are circulating online – and only 6% of these leaked passwords were unique, meaning they were not reused or copied.
Researchers at Cybernews studied more than 200 data violations that occurred between April 2024 and April 2025.
From 19.030.305.929 true internet passwords, 94% were reused to accounts and services, either by the same person or from different users completely.
And the most common passwords were all very easy for hackers to decipher: 42% were only 8-10 characters in length, and 27% contain only letters and small numbers without particular character or changes in mixed cases.
“Despite years of security education, users still prefer shorter passwords because they are easier to write and memorize. It is recommended to use at least 12 characters for a password,” Neringa MacijaUSKAITE, information security researcher at Cybernews, said in a statement.
One of the main issues is that many people stick with “predetermined” passwords and simple, simple keyboard combinations.
The analysis revealed that “1234” is used in almost 4% of all passwords, which means that over 727 million passwords use this sequence. When you expand that sequence to “123456”, 338 million passwords use it.
The research also found that 56 million passwords use the word “password” and 53 million use “administrator”. Since at least 2011, “password” and “123456” have been the most popular passwords.
“Problem of the” predetermined password “remains one of the most continuous and dangerous models in the credentials data leaked,” MacijaUSKAITE said. “The attackers also prioritize them, making these passwords among the least safe.”
Internet security experts also recommend that you never reuse passwords through various accounts and pages in order to keep your information secure.
“We are facing a widespread epidemic of poor password reuse,” MacijaUSKAITE explained.
“If you reuse passwords across multiple platforms, a violation in a system can endanger the safety of other accounts, creating a domino effect,” the researcher warned. “The attackers are constantly reaping the latest credentials landfills by the thieves of information exposed and have recently cracked publicly available.”
The researchers also found that many compromised passwords were heavily based on names, and Anna was the most popular password name used, appearing in 178.8 million passwords.
“Many users choose a name as part of their password. We referred data with the 100 most popular names of 2025 and found that there is a great deal of 8% for them to be included as part of a password,” the researcher explains.
Even the curse words are usually used in passwords. For example, 16 million passwords included the word F. High Input, “Donkey” was found 165 million times – but this can be partially explained by the use of “passage” or “password”.
Many also choose passwords inspired by positive concepts or terms of pop culture. “Positive associations, admired characters and nostalgia make people feel known and are easy to remember. However, popularity becomes predicted, exploited by attackers,” MacijaUSKAITE explained.
To create strong passwords and increase overall safety, experts suggest taking the following measures:
- Use password managers to create and store unique, strong passwords for each service.
- Never reuse passwords.
- Make sure your password is at least 12 characters long and includes uppercase letters, lowercase letters, numbers and at least one particular symbol. Transfer words, names, sequences or other popular verses. “The complexity beats the length.”
- Activate the certificate with many factors when possible.
- Review entry controls regularly and perform regular security audits.
- Monitor and respond to credentials leaks.
- For organizations, apply policies that require passwords to be at least 12 characters long – ideally 16 – using a mix of uppercase and lowercase letters, numbers and special characters.
#main #password #violation #sees #million #leaked #check #compromised
Image Source : nypost.com