Hackers have leaked 19 billion passwords

In one of the greatest digital security shocks ever 19 billion passwords have now circulated online and only 6% of them are actually unique! After a Massive study Between April 2024 and April 2025, over 200 data injuries took place from Cybernews, which led to a breathtaking 19.030.305,929 real passwords that were leaked online. Even more alarming 94% These passwords were used either by the same person or via various users and platforms.

What is worse? Most of these passwords are incredibly easy to crack for hackers. The analysis shows that 42% The passwords are only 8-10 characters long, and 27% only use small letters and numbers, no special characters, no letters and absolutely no strength.

Neringa Macijauskaitė saidA researcher for information security at cybernews.

“Despite years of security education, users still prefer shorter passwords because they are easier to tap and memorize. It is recommended to use at least 12 characters for a password.”

Most common passwords are still weak and reused. Do you make the same mistake?

The study shows that people continue to use standard, lazy and guessed passwords. For example:

• 1234 was used in 4% of all passwords 727 million passwords!
• 123456 appears in 338 million passwords.
• The word password was used in 56 million passwords.
• Admin came up in 53 million.
• These two passwords and 123456 have exceeded the worst password list since at least 2011.

Macijauskaitė saidPresent

“The” Standard password “problem remains one of the most continuing and dangerous patterns in the trimmed data records. Attacker also prioritize and make these passwords the least secure.”

Cybersecurity experts ask users not to reuse passwords via different websites or services. This can lead to a dangerous chain reaction. We face a widespread epidemic of the weak reuse of password.

Macijauskaitė explained

“If you reuse passwords on several platforms, a violation in a system can endanger the safety of other accounts and create a domino effect. Attachers constantly harvest the latest registration information from exposed information stealers and recently cracked hashes.”

And they are not just numbers or basic words. Many passwords are based on the names of the people, with “Ana” the most common in 178.8 million passwords! If the researchers compared the data with the 100 most popular names of 2025, they found that there is an opportunity of 8% that a name is used in a password.

Even swear words are common in passwords. For example:

• The F-word appeared in 16 million passwords.
• “Ass” was found 165 million times (mainly in words such as password or passport).

Many users also choose passwords based on positive topics or references to pop culture and think that they will easily remember. That is exactly why they are easy to chop. Macijauskaitė saidPresent

“Positive associations, admired characters and nostalgia familiarize people and are easy to commemorate. However, popularity becomes predictability that is exploited by attackers.”