How Many Passwords are Hacked Every Day?
Concerned about online security, read this!
12 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- It is hard to get very accurate data about how many passwords are hacked every day, but we did find a few reliable sources.Â
- The last few years witnessed an increase in terms of hacking and personnel data being stolen online.
- Do not forget to check our tips to create strong passwords and prevent hacking attempts.
Strong passwords are critical to online security, but it seems that many are yet to realize the fact. The statistics say it all! So let’s find out how many passwords are hacked every day and maybe, get you to choose a stronger password if you don’t have one already.
Password managers are one of the ways to create a strong password, but not many use them. We believe that by the time you are done with this article, you will either be choosing a stronger password, relying on a password manager, or using an anti-hacking tool.
How many passwords are hacked daily?
According to research from the University of Maryland in 2007, hackers attacked every 39 seconds, meaning a total of 2,244 times each day. And, mind you, that was in 2007. The Internet today is far more expansive, with an exponentially higher user base.
Every other day, we hear about a multinational company losing access to its servers due to hacking or confidential customer information being leaked.
Imagine, if a corporation with vast resources can’t eliminate the threat of hacking, do individual users with fairly easy passwords even stand a chance? That’s a topic for another day, but the recent password-hacking statistics will surely baffle you.
Estimated number of passwords hacked each day
According to the Inc. Magazine, experts estimate that 100 passwords get stolen every 1 second, around 8 million per day. In reality, it can be even worse.
Some sources stated that at least 8 billion passwords were exposed online within the last ten years. Considering that number, it is almost 2.2 million daily on average!
As per a report published in 2019, hackers uploaded 2.2 billion login credentials (email addresses and passwords) to the dark web.
A 2019 study found around 143000 passwords are stolen per day
Another study in 2019 by Breach Alarm (discontinued) found that more than one million passwords are stolen weekly, thus translating to approximately 142,857+ passwords daily.
This one is the most accurate statistic about daily successful password hacking activity from any organization. Given it’s from 2019, the numbers today would be much higher.
How many passwords were stolen each day in 2018?
The above one is not the actual situation for every year. If we look at the different sources, we will find various statistics. In 2018, attackers exposed 2.5 billion accounts online.
If we consider that number, we can say that hackers exposed about 6.85 million accounts on the open internet or dark web daily in 2018. So though there were passwordless accounts, that may be pretty low in number.
36 billion records, including passwords, were stolen in 2020
In 2020, according to Security Magazine, there were 36 billion records stolen by hackers. It is unknown how many of them were passwords.
Unfortunately, 2020 was one of the worst years for the Internet world. During the pandemic, people started working remotely and heavily relied on the Internet for almost everything, which made it easier for hackers to target accounts.
There were around 99 million accounts exposed online each day in 2022. So even though we are not sure about how many of these records were user credentials, one thing we can be sure of is the number may be alarmingly high.
Attackers exposed 9 million hacked passwords each day in 2021
If we look at the most recent data, which is about the year 2021, the number is very alarming. CyberNews said that cybercriminals leaked about 3.27 billion unique pairs of passwords on a popular forum.
But, the number of hacked passwords could be even more than that number.
Based on 2021’s data, we can see that approximately 9 million hacked passwords were exposed each day last year. So it is more than the estimation made by the experts.
There is no official data on the daily number of hacked passwords, and we can only estimate based on the publicly available statistics online.
More than 80% of successful hacks were due to weak passwords
This highlights the importance of using a strong password for all accounts, be it work or personal. About 50% of people use the same password for their official and personal accounts.
It remains a matter of concern for experts in the field of cyber security. Remember, using a different password for each account could go a long way in preventing cyber attacks.
59% of users include their birthday or name in the password
Another common concern shared by experts is people using easily identifiable information as their passwords, be it birthdays, their own name, or that of relatives and pets.
As a result, the number of successful hacking attempts has increased tremendously in the last few years, with social media accounts being one of the prime targets.
A hacking attempt using scripts takes place every 39 seconds
Scripts are deployed to guess the username (or email address) and password, and their use has increased exponentially in the last few years.
Hacking is getting more advanced with each passing day, and so should you to ensure online security.
Most users have passwords with 8 characters or less
Shorter passwords are usually easy to crack, and as per recent statistics, more than 50% of passwords have 8 characters or less, making these users more vulnerable to attacks.
30% of the users don’t lock their mobile phones
According to available data collected from reliable sources, close to 30% of mobile users never lock their devices because entering the password each time seems like a task to them.
Devices like these are more prone to attack, not just through the web but also physically. Anyone with physical access to the device can easily find critical information, including usernames and passwords.
Younger generations are more prone to hacking, with 78% using the same password for several accounts
When it comes to online security, the younger generation, contrary to popular belief, seems to be falling behind. Close to 78% use the same password for multiple accounts.
In a recent survey, 44% of those interviewed in the age group of 16-24 couldn’t define Phishing, yet 71% are confident of not falling for a phishing attempt. If these numbers are anywhere close to the on-ground situation, it’s time they are more careful.
57% percent use Sticky Notes to store passwords
Sticky Notes, though a handy app, should be in no way used for jotting down passwords since anyone with access to the computer, be it physically or virtually, can find them.
Also, 49% use text documents for storing passwords which is again a big NO.
Hacked passwords in 2021 and 2022
We have already mentioned that 3.27 billion passwords were hacked in 2021, which is about 9 million daily if we do the average.
Unfortunately, it’s impossible to feature that enormous number of credentials in this article. But we can give you the list of the worst password-hacking incidents.
After doing some research, we found the top 10 worst password breaches in 2021 and 2022.
1. Twitter
Twitter suffered one of the biggest-ever data breaches, with login credentials of more than 5.4 million users acquired by a hacker who goes by the alias Devil.
Also, Twitter confirmed the same and advised users to enable 2FA (Two Factor Authentication) to secure their accounts.
2. Credit card details of 1.2 million users were posted online
In another significant hacking incident in 2022, the credit card details of more than 1.2 million users were posted online and were available for free.
It had all the critical details required to make online transactions, putting the users who owned them at a major risk.
3. SolarWinds
SolarWinds’s password breach incident was the dumbest one in February 2021. According to the company, foreign hackers were behind the hacking activity.
The company also blamed an intern for creating a weak password of “solarwinds123,” exposed online.
4. COMB
COMB stands for the term Compilation of Many Breaches. It comprises a group of data breaches (approximately 252) that occurred in recent years.
The criminals posted the hacked data on a popular hacking forum. The alarming matter is it had 3 billion unique login credentials from popular websites like Netflix, Linkedin, Bitcoin, etc.
5. Verkada
A group of international hackers found an admin username and password leaked online. Then, they accessed more than 5000 Verkada cameras.
It helped them get a live view of the locations where people or organizations put these cameras. Surprisingly, hackers could get the idea from Tesla factories, warehouses, hospitals, gyms, schools, jails, etc.
6. RockYou2021
The RockYou2021 is another significant data breach that revealed a 100 GB text file that contained about 8.4 billion passwords. However, not all of these were hacked in 2021. Instead, most of its data came from past breaches.
7. Microsoft
In March 2021, Microsoft mentioned a cyberattack by a group of Chinese hackers called Hafnium. The attackers were able to gain access to some servers by using stolen passwords.
However, Microsoft released patches to fix the vulnerabilities and suggested the users change their login credentials after the incident.
8. Ticketmaster
At the beginning of 2021, the news of this hacking incident came to the mainstream media. Some employees at Ticketmaster hacked into a rival company’s computer to collect business intelligence.
It helped them to take the commercial advantages in many ways. However, later, the company had to pay a fine of $10 million.
9. GoDaddy
The famous hosting company GoDaddy suffered a data breach last year. In November 2021, this company stated that more than 1.2 million of its customers were affected by a security breach.
Hackers were able to gain access to its managed WordPress hosting environment using a compromised password. Attackers exposed many Godaddy customers’ WordPress Admin passwords, email addresses, SSL private keys, etc.
10. New York City Law Department
In June 2021, the New York City Law Department suffered a severe cyberattack. Hackers could access sensitive information, including evidence of police misconduct, medical records, personal data of city employees, etc.
It happened due to just one employee’s stolen email account password. This incident has been one of the most mentionable password breach incidents in 2021.
Most common passwords in 2022
People used a similar set of passwords in 2022 as the years before, and the most common ones were the easiest to crack, some requiring even less than a second. Here is the list of the top 15 most common passwords in 2022:
- password
- 123456
- 123456789
- guest
- qwerty
- 12345678
- 111111
- 12345
- col123456
- 123123
- 1234
- 1234567890
- 000000
- 555555
- 666666
Hacked passwords list
After attackers hack a password, then they store it in a database. Later, they expose it on the Internet. So, we have tried to look at the most common leaked passwords on the dark web.
According to our findings, these are the most hacked passwords in 2022:
- password
- 123456
- 123456789
- guest
- qwerty
- 12345678
- 111111
- 12345
- col123456
- 123123
Are you using any of these silly passwords? If yes, please don’t! Go and set a solid password for your online accounts. Otherwise, you are at high risk.
Most common hacked password categories
A recent study based on the breached passwords from the National Counterintelligence and Security Center (NCSC) revealed 30 categories of passwords.
Based on that, we have listed the top 10 of these hacked password 2021 categories. Here are they:
| Serial | Category | Total breached passwords |
|---|---|---|
| 1 | Pet names/terms of endearment | 4,032 |
| 2 | Names | 3,913 |
| 3 | Animals | 2,112 |
| 4 | Emotions | 1,917 |
| 5 | Food | 1,662 |
| 6 | Colors | 1,450 |
| 7 | Swear words | 1,268 |
| 8 | Actions | 991 |
| 9 | Family Members | 723 |
| 10 | Car Brands | 606 |
If you have a password that contains a phrase that fits under any of these categories, it’s time to change it.
Worldwide spending on cyber security is $36.44 million per day
According to some data, experts predicted that worldwide spending on cyber security could reach up to 133 billion US dollars in 2022. We can say it may be $36.44 million each day based on the prediction.
Hackers create 300,000 new malware daily to steal password
According to McAfee, an anti-malware and antivirus developer, everyday hackers have made around 300 thousand unique pieces of malware that can steal your personal information, including passwords.
How many passwords are created each day?
We already got an idea about how many passwords are hacked each day. But what about the number of passwords created daily? Let’s find it out.
According to data from SC Magazine, there will be 300 billion passwords in 2020. Another data source says there were 4.5 billion Internet users in 2020.
According to a password manager, NordPass, an average Internet user had 80 passwords to remember in that year. It means the total number of passwords was 360 billion, higher than SC Magazine’s prediction.
However, in 2022, average users have 100 passwords, and there are 4.95 billion internet users. That means there are 495 billion passwords. In the last two years, we saw a 135 billion increase in the last two years.
According to this estimated data, we can say that there are 180 million passwords created each day. Note that most of them are machine passwords, not human passwords. So, the number may seem excessively high.
How frequently should people reset passwords?
Unfortunately, most people don’t take action even after knowing about the risk. More than 60% of people don’t update their passwords regularly. Only 31.3% of users update their passwords at least once a year.
If you want to protect your online accounts, experts recommend updating the passwords at least once every 60-90 days.
How to create a strong password?
1. Include numbers, upper & lower case, and special characters
The first step to creating a strong password is the combination of numbers, capital letters, smaller letters, and symbols.
An example of a strong password with this combination can be the following one: OnLA8b91@m&W
2. Make the password length atleast 12 characters
Many people tend to keep the password smaller to remember it easily. But it would be best if you made it long enough. Usually, between 12 to 16 characters should be the standard length.
3. Avoid the common phrases
One of the bad practices of creating a password is using common phrases. Do not use your name, English words, or popular terms in the password.
4. Use words that are not in the dictionary
A quick and simple tip while creating passwords is to have one that doesn’t use phrases or words found in the dictionary. It would be even better if the phrase used is grammatically incorrect.
5. Use a password generator
Sometimes, it can be tricky to create a strong and unique password yourself. In this case, you can use a reliable tool that automatically generates passwords.
There are many excellent password generator tools available. You can use any of them you want.
Now that you have an idea about how many passwords are hacked every day, make sure to create a strong one using the tips presented here.
Also, using a safe password manager with multi-factor authentication goes a long way in ensuring online security.
If you have an opinion about this article, please feel free to comment below.
