🔴 Website 👉 https://u-s-news.com/
Telegram 👉 https://t.me/usnewscom_channel
Your password is probably hacker bait.
Cybersecurity researchers have discovered that 19 billion passwords are circulating online — and only 6% of these leaked passwords were unique, meaning they weren’t reused or duplicated.
Researchers at Cybernews studied more than 200 data breaches that occurred between April 2024 and April 2025.
Of the 19,030,305,929 real passwords exposed online, 94% had been reused across accounts and services, either by the same person or by different users entirely.
And the most common passwords were all too easy for hackers to decode: 42% were only 8-10 characters in length, and 27% contained only lowercase letters and numbers with no special characters or mixed-case variation.
“Despite years of security education, users still prefer shorter passwords because they are easier to type and memorize. It’s recommended to use at least 12 characters for a password,” Neringa Macijauskaitė, information security researcher at Cybernews, said in a statement.
One of the major issues is that many people stick with “default” passwords and lazy, simple keyboard combinations.
The analysis found that “1234” is used in almost 4% of all passwords, meaning over 727 million passwords use this sequence. When expanding that sequence to “123456,” 338 million passwords use it.
The research also revealed that 56 million passwords use the word “Password” and 53 million use “admin.” Since at least 2011, “Password” and “123456” have been the most popular passwords.
“The ‘default password’ problem remains one of the most persistent and dangerous patterns in leaked credential datasets,” Macijauskaitė said. “Attackers, too, prioritize them, making these passwords among the least secure.”
The cybersecurity experts also recommend to never reuse passwords across different accounts and sites in order to keep your information safe.
“We’re facing a widespread epidemic of weak password reuse,” Macijauskaitė explained.
“If you reuse passwords across multiple platforms, a breach in one system can compromise the security of other accounts, creating a domino effect,” the researcher warned. “Attackers constantly harvest the latest credential dumps from exposed info-stealers and recently cracked hashes available publicly.”
Researchers also discovered that many compromised passwords relied heavily on names, and Ana was the most popular password name used, appearing in 178.8 million passwords.
“Many users choose a name as part of their password. We cross-referenced the dataset with the 100 most popular names of 2025 and found that there’s a whopping 8% chance for them to be included as part of a password,” the researcher explains.
Even curse words were commonly used in passwords. For example, 16 million passwords included the F-word. The top entry, “ass,” was found 165 million times — but that can partly be explained by the use of use of “pass” or “password.”
Many also choose passwords inspired by positive concepts or pop culture terms. “Positive associations, admired characters, and nostalgia make people feel familiar and are easy to recall. However, popularity becomes predictability, exploited by attackers,” Macijauskaitė explained.
To create strong passwords and increase overall security, the experts suggest taking the following measures:
- Use password managers to create and store unique, strong passwords for every service.
- Never reuse passwords.
- Make sure your password is at least 12 characters long and includes uppercase letters, lowercase letters, numbers and at least one special symbol. Skip words, names, sequences or other recognizable strings. “Complexity beats length.”
- Enable multi-factor authentication when possible.
- Review access controls regularly and perform regular security audits.
- Monitor and react to credential leaks.
- For organizations, enforce policies that require passwords to be at least 12 characters long — ideally 16 — using a mix of uppercase and lowercase letters, numbers and special characters.