19 billion online passwords show a massive susceptibility to cyber security

Passwords are outdated and it is time for technology companies and users to continue. I said there. Whether you like it or not, the weakest connection in cyber security is everything that is based on human input. While organizations continue to invest in firewalls and endpoint security, the most ongoing weak point remains the human password.

The Internet has to deal with poor password practices for a long time, but a recently carried out recognition shows how serious the problem is.

Security researchers have uncovered more than 19 billion new passwords that were collected by hundreds of violations between April 2024 and April 2025. Amazing 94% of these passwords were either reused, predictable or both.

Take part in the free Cyberguy report: Get my experts -Tech tips, critical security warnings and exclusive offers -plus immediate access to my free ultimate fraud manual, if you are registering!

What you need to know

Between April 2024 and April 2025, data from almost 200 separate cyber security incidents were publicly available, as found Cybernews. These were not isolated events. They concerned massive delicacies, including combolists, stealer protocols and compromised databases. A total of over 3 terabytes were analyzed with raw -leaked data, which included more than 19 billion passwords. Only 6 percent of these, just over 1.1 billion, were unique.

“123456” appeared in over 338 million cases for the most frequently used passwords. Words such as “password” and “admin” followed close behind despite years of public warnings. Such default settings often come from devices such as routers or enterprise tools, in which they are rarely changed and often reused.

1.7 billion passwords are leaked in the dark web and why their is at risk

Personal names also remain a common pattern. The name “Ana” appeared in almost 179 million passwords, followed by countless other first names and name base combinations. Pop culture, food, cities and even swear words were often topics. Words like “Mario”, “Love”, “Pizza”, “Rome” and various obsanities were not just creative decisions. You are now security liabilities.

Even worse, attackers no longer have to advise. You have automation. In hundreds of platforms, billions of known passwords are now filled out on hundreds of platforms by the login information and the accounts are violated for up to two percent. This corresponds to thousands of compromised profiles, bank accounts, e -mails and cloud tools every day.

200 million social media records are leaked in large X data injuries

The bigger problem

According to Cybernew's researcher Neringa Macijauskaite, the core problem is not only weak passwords, but how often they are reused. Only six percent of the passwords are clear. For most users, security completely depends on Two-factor authenticationif it is activated at all.

Most passwords fall between eight and 10 characters, although eight are most common. Around 27 percent of them only contain small letters and digits, which makes them very susceptible to Brute -Force attacks. Less than 20 percent use a mixture of cases and numbers, and only a small part contains symbols.

How safe is my password? Use this test to find out this

Despite widespread educational efforts, user habits remain stagnating, but a positive trend has arisen. In 2022, only one percent of the passwords used a mixture of small letters, capital letters, numbers and symbols. Now this number has increased to 19 percent, probably due to stricter password requirements via platforms.

Get a Free scan To find out whether your personal data is already on the Internet.

The personnel company confirms 4M records that were exposed in Major Hack

A password manager is the solution

Reused or weak passwords represent a massive threat, not only for individuals, but also for organizations. A single compromised password can trigger a domino effect and uncover several accounts in all services. Chew you to use A Password manager Generate and save complex passwords. Get more details about mine Best expert-tested password managers from 2025 here.

Four options to stay safe from password defects

The protection of your data requires a mixture of intelligent safety habits and reliable tools. Here are four effective ways to keep your information safe.

1. Activate the two-factor authentication (2FA): Even if your password is stolen 2fa Add an additional security level by required a second form of check, e.g. B. a code from an authentication app or a biometric confirmation. Cybercriminals rely on stolen user names and passwords to take accounts into account. With 2FA, however, you cannot get access without the additional safety step. Activate 2FA on important accounts such as email, banking and work-related registrations.

2. Use strong antivirus software and be careful with downloads and left: Infostal malware is the main cause of why your password is out there. It often spreads through malicious downloads, phishing -e emails and fake websites. Avoid downloading software or files from non -trustworthy sources and always check on the left before clicking on you. Interfeit attackers disguise malware as legitimate software, games cheats or cracked applications. Therefore, it is best to stick to official websites and app stores for downloads.

The best way to protect yourself from malicious links, install malware and possibly access your private information is to have installed a strong antivirus software on all devices. This protection can also draw your attention to Phishing -E emails and ransomware frauds in order to keep your personal data and digital assets secure. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Keep the software updated: Cyber ​​criminal use outdated software to deliver malware. Keep your operating system, the browser and your security software up to date Make sure that known weaknesses are patched. Activate automatic updates, whenever possible, and install the serious antivirus or endpoint protection software with which Infostaler threats can be recorded and blocked before you endanger your system.

4. Take into account a personal data removal service: These services can help remove your personal data from data broker websites and reduce your risk of identity theft, spam and targeted fraud. While no service can guarantee complete removal of your data from the Internet, a data removal service is really an intelligent choice. They are not cheap and not their privacy either. These services do the entire work for you by actively monitoring your personal data and systematically deleting hundreds of websites. It is what is calmed down and has proven to be the most effective way to delete your personal data from the Internet. By limiting the available information, you reduce the risk of fraudsters to refer the data from violations of violations with information on the dark web, which makes it more difficult for you to target it. Take a look at my top selection for data removal services here.

Subscribe to Kuts YouTube channel for short video tips on how you can edit all your tech devices

Kurts important snack bars

When it matters, passwords just don't cut it anymore. The sheer number of passwords leaked through and the fact that so few are clear show how vulnerable we really are. Cybercriminals become smarter and faster, but we don't have to make it easy for you. By using password managers, the activation of the two-factor authentication, maintaining our software and taking into account additional data protection tools, we can recapture a certain amount of control over this situation. It could require a little effort to change old habits, but the peace of mind they get is worth it.

Click here to get the FOX News app

How many of your accounts use the same password or variation? Let us know by writing us Cyberguy.com/contact

Subscribe to my free Cyberguy report newsletter by going more of my tech tips and security warnings Cyberguy.com/newsletter

Ask Kurt a question or let us know which stories you want to treat from us.

Follow Kurt on his social channels:

Answers to the most placed cyberguy questions:

New from Kurt:

Copyright 2025 Cyberguy.com. All rights reserved.