19 billion passwords have leaked online: how to protect themselves
Passwords are outdated, and it is time for technology companies and users to move forward. There I said it. We like it or not, the weakest link in cybersecurity is anything that is based on human entry. While organizations continue to invest in Firewalls and final point security, the most persistent vulnerability remains the human password.
Internet has long fought with bad password practices, but a recent discovery stands out how serious the problem is.
Security researchers have discovered more than 19 billion newly filtered passwords, compiled from hundreds of infractions between April 2024 and April 2025. A surprising 94% of these passwords were reused, predictable or both.
Unique Cyberguy’s free report: Obtain my expert technology advice, critical safety alerts and exclusive offers, in addition to instant access to my free -fashionable debt survival guide when you register!
Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)
What you need to know
Between April 2024 and April 2025, the data of almost 200 separate cybersecurity incidents were publicly available, as discovered by Cybernews. These were not isolated events. They involved massive leak repositories, including compromise, stolen records and compromised databases. In total, more than 3 non -process filtered data terabytes were analyzed, comprising more than 19 billion passwords. Only 6 percent of these, just over 1,100 million, were unique.
Among the most used passwords, “123456” appeared in more than 338 million instances. Words like “password” and “administrator” followed very close, despite years of public warnings. Such predetermined values often originate from devices such as routers or business tools, where they are rarely changed and reused frequently elsewhere.
1.7 billion passwords filtered on the dark website and why theirs is at risk
Personal names remain a common pattern as well. The name “Ana” appeared in almost 179 million passwords, followed by innumerable other names and combinations based on names. Pop culture, food, cities and even swearing words were frequent issues. Words like “Mario”, “Love”, “Pizza”, “Rome” and several blasphemies were not only creative options. They are now security liabilities.
Worse, attackers no longer need to guess. They have automation. Credential filling tools are now executed through billions of passwords known in hundreds of platforms, violating success at success up to two percent. That is equivalent to thousands of committed profiles, bank accounts, emails and cloud tools every day.
Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)
200 million social media records filtered in data violation x Major X
The biggest problem
According to Cybernews Ninga Macijauskaite, the central problem is not only weak passwords, but how often they are reused. Only six percent of passwords are unique. For most users, security depends completely on two factors authenticationif you are enabled at all.
Most passwords fall between eight and 10 characters, being eight the most common. About 27 percent of them contain only letters and digits in lowercase, which makes them very vulnerable to brute force attacks. Less than 20 percent use a combination of cases and numbers, and only a small fraction includes symbols.
How sure is my password? Use this test to find out
Despite generalized educational efforts, user habits remain stagnant, but a positive trend has emerged. In 2022, only one percent of passwords used a combination of lowercase, capital letters, numbers and symbols. Now that figure has increased to 19 percent, probably driven by more strict password requirements on all platforms.
Get a free scan To know if your personal information is now available on the web.
Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)
The human resources firm confirms the 4m records set out in the main trick
A password administrator is the solution
Reuse or weak passwords represent a massive threat, not only for people but for organizations. A single compromised password can activate a domino effect, exposing multiple accounts between services. Consider using a Password administrator to generate and store complex passwords. Get more details about me The best password administrators reviewed by experts from 2025 here.
Four ways to stay safe from scammers who steal passwords
Protecting your data requires a combination of smart security habits and reliable tools. Here are four effective ways to maintain your safe information.
1. enable two factors authentication (2FA): Even if your password is stolen, 2fa Add an additional safety layer to require a second form of verification, such as a code of an authentication application or biometric confirmation. Cybercriminals are based on user names and stolen passwords to divide in accounts, but with 2FA enabled, they cannot obtain access without the additional security step. Be sure to enable 2FA in important accounts such as email, banking and session related to work.
2. Use strong antivirus software and be careful with downloads and links: Infotealer malware is the root cause of why your password is out there. It is often extended through malicious downloads, phishing electronic emails and false websites. Avoid downloading software or files from non -reliable sources and always check the links before clicking on them. The attackers disguise malware such as legitimate software, games of games or cracked applications, so it is better to meet the official websites and application stores for downloads.
The best way to safeguard the malicious links that install malware, which potentially access their private information, is to have strong antivirus software installed on all its devices. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.
3. Keep updated software: Cybercriminals exploit obsolete software to deliver malware. Maintaining your operating system, browsers and updated safety software Ensures that known vulnerabilities are paveled. Enable automatic updates whenever possible and install a good reputation antivirus or final point protection software that can detect and block infants infants threats before compromising your system.
4. Consider a personal data disposal service: These services can help eliminate their personal information from Data Broker sites, reducing their risk of identity theft, spam and specific scams. While no service can guarantee the complete elimination of your Internet data, a data removal service is really an intelligent option. They are not cheap, and it is not your privacy either. These services do all the work by you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal internet data. By limiting the available information, it reduces the risk of cross -references data of infractions with information they can find in the dark network, which makes it difficult to be pointed out. See my best selections to obtain data disposal services here.
Subscribe to Kurt’s YouTube channel to obtain fast video tips on how to work all its technological devices
Kurt’s Key Takeways
When it comes to that, passwords no longer cut it. The large number of filtered passwords and the fact that so few are unique show how vulnerable we really are. Cybercriminals are becoming more intelligent, but we don’t have to facilitate them. When using password administrators, enable two factors authentication, maintain our updated software and consider additional privacy tools, we can recover some control over this situation. It may require some effort to change the old habits, but the tranquility you get is worth it.
Click here to get the News application
How many of your accounts use the same password or a variation? Get us knowing in Cyberguy.com/contact
To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter
Ask Kurt or tell us what stories you would like us to cover.
Follow Kurt in his social channels:
- YouTube
Answers to the most informed Cyberguys questions:
- What is the best way to protect your MAC devices, Windows, iPhone and Android to be pirate?
- What is the best way to stay private, safe and anonymous while navigating the web?
- How can I get rid of robocalls with data elimination applications and services?
- How do I eliminate my private internet data?
New Kurt:
- Try the new Cyberguy games (crosswords, words searches, trivia and more!)
- Cyberguy exclusive coupons and offers
- Do not miss these better offers and discounts on the day of the fallen
Copyright 2025 Cyberguy.com. All rights reserved.
Kurt “Cyberguy” Knutsson is a award -winning technological journalist who has a deep love for technology, equipment and devices that improve life with their contributions for News & News Business Startzing Mornings in “News & Friends”. Do you have a technological question? Get the free Kurt’s free newsletter, share your voice, an idea of the story or comment on Cyberguy.com.