Over 19 Billion Passwords Leaked: What Can You Do to Protect Yourself?
More than 19 billion leaked passwords are floating around the internet, becoming a huge data warehouse for hackers to exploit. This is an unprecedented serious threat, raising concerns about a wave of large-scale global cyber attacks.
In the era of strong digitalization, when data leaks and cyber attacks are increasing rapidly, protecting personal accounts is no longer an option, but has become an urgent need to ensure information security and privacy.
In just the past few months, cybersecurity experts have seen the number of leaked passwords grow exponentially, from 800 million to 1.7 billion and quickly reaching 2.1 billion.
.jpg)
The cause of this increase is determined to come from malware attacks that are exploding on an unprecedented scale.
However, a newly published report has overshadowed all of the above “huge” numbers. The Cybernews research team has just revealed a shocking analysis, according to which, more than 19 billion leaked passwords, specifically 19,030,305,929 passwords are currently being shared publicly on the dark web and cybercrime forums, ready for anyone to exploit.
Imagine a giant “password vault,” containing information from more than 200 data breaches in just 12 months, since April 2024, all paired with valid email addresses, creating a gold mine for large-scale automated attacks.
What's more, this dataset only includes publicly available passwords, which means there are billions of other passwords still being shared underground or stored in private data repositories of hacker groups.
When laziness becomes an “open door” for hackers
Of the more than 19 billion passwords leaked, only 6% were unique, or about 1.14 billion. This means that the remaining 94% of passwords were reused across multiple accounts and services.
This is the “fatal weakness” that makes credential stuffing attacks extremely effective.
Even more worrying, 42% of leaked passwords are just 8 to 10 characters long, making it easier than ever to crack passwords using automated brute-force methods.
Additionally, 27% of passwords only contain lowercase letters and numbers, with no special characters or uppercase letters, further reducing security.
“The use of default passwords remains one of the most common and dangerous practices in all data breaches,” said Cybernews security expert Neringa Macijauskaitė. Specifically, the analysis showed that 53 million cases used 'admin' and 56 million used 'password' as the primary password.
“Hackers are very likely to try these common passwords first, making them one of the least secure options,” Macijauskaitė warns.
Survival Tip: Never Reuse Passwords
Macijauskaitė also offers a vital warning: never reuse the same password across multiple accounts. Because if just one of the services you use is compromised, your entire ecosystem of personal accounts could be compromised in a domino effect.
“Even before an attack occurs, hackers are constantly collecting common password patterns, copies of leaked credentials, and cracked hashes, which are being used to launch increasingly sophisticated attacks that bypass traditional protections,” said Macijauskaitė.
How to protect personal accounts from cyber threats?
As cybercrime becomes more sophisticated, protecting personal accounts is more important than ever. Cybersecurity experts recommend that users take the following steps to enhance security:
- Create strong, unique passwords for each account:Avoid using common, easy-to-guess passwords like “123456” or your birth date. Each account should have a unique password that includes a combination of uppercase and lowercase letters, numbers, and special characters for added complexity.
- Enable two-factor authentication (2FA):This is an extra layer of security that requires users to confirm their identity with a temporary code sent via phone, email, or authentication app. This helps prevent unauthorized access even if an attacker obtains your password.
- Use a password manager:Password managers like 1Password, LastPass, or Bitwarden can generate and store hundreds of strong, random passwords, saving you the trouble of remembering each one. They can also help you check if your passwords have been leaked.
- Be careful with suspicious links and requests:Don't click on links in emails, text messages, or social media posts if you're not sure of the source. Never provide login details through suspicious forms, even if they appear to come from a bank, a familiar service, or a loved one.
Taking these simple yet effective measures can help you avoid many potential security risks and keep your digital identity safe online.
While the number of over 19 billion leaked passwords may sound alarming, it doesn’t mean the end of personal security. By taking proactive steps today, you can reduce your risk and protect yourself from increasingly sophisticated cyberattacks.