How Many Passwords are Hacked Every Day?

Concerned about online security, read this!

Reading time icon 12 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • It is hard to get very accurate data about how many passwords are hacked every day, but we did find a few reliable sources. 
  • The last few years witnessed an increase in terms of hacking and personnel data being stolen online.
  • Do not forget to check our tips to create strong passwords and prevent hacking attempts.
how many passwords are hacked everyday - statistics

Strong passwords are critical to online security, but it seems that many are yet to realize the fact. The statistics say it all! So let’s find out how many passwords are hacked every day and maybe, get you to choose a stronger password if you don’t have one already.

Password managers are one of the ways to create a strong password, but not many use them. We believe that by the time you are done with this article, you will either be choosing a stronger password, relying on a password manager, or using an anti-hacking tool.

How many passwords are hacked daily?

According to research from the University of Maryland in 2007, hackers attacked every 39 seconds, meaning a total of 2,244 times each day. And, mind you, that was in 2007. The Internet today is far more expansive, with an exponentially higher user base.

Every other day, we hear about a multinational company losing access to its servers due to hacking or confidential customer information being leaked.

Imagine, if a corporation with vast resources can’t eliminate the threat of hacking, do individual users with fairly easy passwords even stand a chance? That’s a topic for another day, but the recent password-hacking statistics will surely baffle you.

Estimated number of passwords hacked each day

According to the Inc. Magazine, experts estimate that 100 passwords get stolen every 1 second, around 8 million per day. In reality, it can be even worse.

expert thinks 8 million passwords are stolen each day

Some sources stated that at least 8 billion passwords were exposed online within the last ten years. Considering that number, it is almost 2.2 million daily on average!

As per a report published in 2019, hackers uploaded 2.2 billion login credentials (email addresses and passwords) to the dark web.

A 2019 study found around 143000 passwords are stolen per day

Another study in 2019 by Breach Alarm (discontinued) found that more than one million passwords are stolen weekly, thus translating to approximately 142,857+ passwords daily.

This one is the most accurate statistic about daily successful password hacking activity from any organization. Given it’s from 2019, the numbers today would be much higher.

How many passwords were stolen each day in 2018?

The above one is not the actual situation for every year. If we look at the different sources, we will find various statistics. In 2018, attackers exposed 2.5 billion accounts online.

If we consider that number, we can say that hackers exposed about 6.85 million accounts on the open internet or dark web daily in 2018. So though there were passwordless accounts, that may be pretty low in number.

36 billion records, including passwords, were stolen in 2020

In 2020, according to Security Magazine, there were 36 billion records stolen by hackers. It is unknown how many of them were passwords.

Unfortunately, 2020 was one of the worst years for the Internet world. During the pandemic, people started working remotely and heavily relied on the Internet for almost everything, which made it easier for hackers to target accounts.

There were around 99 million accounts exposed online each day in 2022. So even though we are not sure about how many of these records were user credentials, one thing we can be sure of is the number may be alarmingly high.

Attackers exposed 9 million hacked passwords each day in 2021

If we look at the most recent data, which is about the year 2021, the number is very alarming. CyberNews said that cybercriminals leaked about 3.27 billion unique pairs of passwords on a popular forum.

But, the number of hacked passwords could be even more than that number.

Based on 2021’s data, we can see that approximately 9 million hacked passwords were exposed each day last year. So it is more than the estimation made by the experts.

There is no official data on the daily number of hacked passwords, and we can only estimate based on the publicly available statistics online.

More than 80% of successful hacks were due to weak passwords

This highlights the importance of using a strong password for all accounts, be it work or personal. About 50% of people use the same password for their official and personal accounts.

It remains a matter of concern for experts in the field of cyber security. Remember, using a different password for each account could go a long way in preventing cyber attacks.

59% of users include their birthday or name in the password

Another common concern shared by experts is people using easily identifiable information as their passwords, be it birthdays, their own name, or that of relatives and pets.

As a result, the number of successful hacking attempts has increased tremendously in the last few years, with social media accounts being one of the prime targets.

A hacking attempt using scripts takes place every 39 seconds

Scripts are deployed to guess the username (or email address) and password, and their use has increased exponentially in the last few years.

Hacking is getting more advanced with each passing day, and so should you to ensure online security.

Most users have passwords with 8 characters or less

Shorter passwords are usually easy to crack, and as per recent statistics, more than 50% of passwords have 8 characters or less, making these users more vulnerable to attacks.

30% of the users don’t lock their mobile phones

According to available data collected from reliable sources, close to 30% of mobile users never lock their devices because entering the password each time seems like a task to them.

Devices like these are more prone to attack, not just through the web but also physically. Anyone with physical access to the device can easily find critical information, including usernames and passwords.

Younger generations are more prone to hacking, with 78% using the same password for several accounts

When it comes to online security, the younger generation, contrary to popular belief, seems to be falling behind. Close to 78% use the same password for multiple accounts.

In a recent survey, 44% of those interviewed in the age group of 16-24 couldn’t define Phishing, yet 71% are confident of not falling for a phishing attempt. If these numbers are anywhere close to the on-ground situation, it’s time they are more careful.

57% percent use Sticky Notes to store passwords

Sticky Notes, though a handy app, should be in no way used for jotting down passwords since anyone with access to the computer, be it physically or virtually, can find them.

Also, 49% use text documents for storing passwords which is again a big NO.

Hacked passwords in 2021 and 2022

We have already mentioned that 3.27 billion passwords were hacked in 2021, which is about 9 million daily if we do the average.

Unfortunately, it’s impossible to feature that enormous number of credentials in this article. But we can give you the list of the worst password-hacking incidents.

After doing some research, we found the top 10 worst password breaches in 2021 and 2022.

1. Twitter

Twitter suffered one of the biggest-ever data breaches, with login credentials of more than 5.4 million users acquired by a hacker who goes by the alias Devil.

Also, Twitter confirmed the same and advised users to enable 2FA (Two Factor Authentication) to secure their accounts.

2. Credit card details of 1.2 million users were posted online

In another significant hacking incident in 2022, the credit card details of more than 1.2 million users were posted online and were available for free.

It had all the critical details required to make online transactions, putting the users who owned them at a major risk.

3. SolarWinds

SolarWinds’s password breach incident was the dumbest one in February 2021. According to the company, foreign hackers were behind the hacking activity.

The company also blamed an intern for creating a weak password of “solarwinds123,” exposed online.


COMB stands for the term Compilation of Many Breaches. It comprises a group of data breaches (approximately 252) that occurred in recent years.

The criminals posted the hacked data on a popular hacking forum. The alarming matter is it had 3 billion unique login credentials from popular websites like Netflix, Linkedin, Bitcoin, etc.

5. Verkada

A group of international hackers found an admin username and password leaked online. Then, they accessed more than 5000 Verkada cameras.

It helped them get a live view of the locations where people or organizations put these cameras. Surprisingly, hackers could get the idea from Tesla factories, warehouses, hospitals, gyms, schools, jails, etc.

6. RockYou2021

The RockYou2021 is another significant data breach that revealed a 100 GB text file that contained about 8.4 billion passwords. However, not all of these were hacked in 2021. Instead, most of its data came from past breaches.

7. Microsoft

In March 2021, Microsoft mentioned a cyberattack by a group of Chinese hackers called Hafnium. The attackers were able to gain access to some servers by using stolen passwords.

However, Microsoft released patches to fix the vulnerabilities and suggested the users change their login credentials after the incident.

8. Ticketmaster

At the beginning of 2021, the news of this hacking incident came to the mainstream media. Some employees at Ticketmaster hacked into a rival company’s computer to collect business intelligence.

It helped them to take the commercial advantages in many ways. However, later, the company had to pay a fine of $10 million.

9. GoDaddy

The famous hosting company GoDaddy suffered a data breach last year. In November 2021, this company stated that more than 1.2 million of its customers were affected by a security breach.

Hackers were able to gain access to its managed WordPress hosting environment using a compromised password. Attackers exposed many Godaddy customers’ WordPress Admin passwords, email addresses, SSL private keys, etc.

10. New York City Law Department

In June 2021, the New York City Law Department suffered a severe cyberattack. Hackers could access sensitive information, including evidence of police misconduct, medical records, personal data of city employees, etc.

It happened due to just one employee’s stolen email account password. This incident has been one of the most mentionable password breach incidents in 2021.

Most common passwords in 2022

People used a similar set of passwords in 2022 as the years before, and the most common ones were the easiest to crack, some requiring even less than a second. Here is the list of the top 15 most common passwords in 2022:

  1. password
  2. 123456
  3. 123456789
  4. guest
  5. qwerty
  6. 12345678
  7. 111111
  8. 12345
  9. col123456
  10. 123123
  11. 1234
  12. 1234567890
  13. 000000
  14. 555555
  15. 666666

Hacked passwords list

After attackers hack a password, then they store it in a database. Later, they expose it on the Internet. So, we have tried to look at the most common leaked passwords on the dark web.

According to our findings, these are the most hacked passwords in 2022:

  1. password
  2. 123456
  3. 123456789
  4. guest
  5. qwerty
  6. 12345678
  7. 111111
  8. 12345
  9. col123456
  10. 123123

Are you using any of these silly passwords? If yes, please don’t! Go and set a solid password for your online accounts. Otherwise, you are at high risk.

Most common hacked password categories

A recent study based on the breached passwords from the National Counterintelligence and Security Center (NCSC) revealed 30 categories of passwords.

Based on that, we have listed the top 10 of these hacked password 2021 categories. Here are they:

SerialCategoryTotal breached passwords
1Pet names/terms of endearment4,032
7Swear words1,268
9Family Members723
10Car Brands606

If you have a password that contains a phrase that fits under any of these categories, it’s time to change it.

Worldwide spending on cyber security is $36.44 million per day

According to some data, experts predicted that worldwide spending on cyber security could reach up to 133 billion US dollars in 2022. We can say it may be $36.44 million each day based on the prediction.

daily number of hacked passwords

Hackers create 300,000 new malware daily to steal password

According to McAfee, an anti-malware and antivirus developer, everyday hackers have made around 300 thousand unique pieces of malware that can steal your personal information, including passwords.

How many passwords are created each day?

We already got an idea about how many passwords are hacked each day. But what about the number of passwords created daily? Let’s find it out.

According to data from SC Magazine, there will be 300 billion passwords in 2020. Another data source says there were 4.5 billion Internet users in 2020.

According to a password manager, NordPass, an average Internet user had 80 passwords to remember in that year. It means the total number of passwords was 360 billion, higher than SC Magazine’s prediction.

However, in 2022, average users have 100 passwords, and there are 4.95 billion internet users. That means there are 495 billion passwords. In the last two years, we saw a 135 billion increase in the last two years.

According to this estimated data, we can say that there are 180 million passwords created each day. Note that most of them are machine passwords, not human passwords. So, the number may seem excessively high.

How frequently should people reset passwords?

Unfortunately, most people don’t take action even after knowing about the risk. More than 60% of people don’t update their passwords regularly. Only 31.3% of users update their passwords at least once a year.

If you want to protect your online accounts, experts recommend updating the passwords at least once every 60-90 days.

How to create a strong password?

1. Include numbers, upper & lower case, and special characters

The first step to creating a strong password is the combination of numbers, capital letters, smaller letters, and symbols.

An example of a strong password with this combination can be the following one: OnLA8b91@m&W

2. Make the password length atleast 12 characters

Many people tend to keep the password smaller to remember it easily. But it would be best if you made it long enough. Usually, between 12 to 16 characters should be the standard length.

3. Avoid the common phrases

One of the bad practices of creating a password is using common phrases. Do not use your name, English words, or popular terms in the password.

4. Use words that are not in the dictionary

A quick and simple tip while creating passwords is to have one that doesn’t use phrases or words found in the dictionary. It would be even better if the phrase used is grammatically incorrect.

5. Use a password generator

Sometimes, it can be tricky to create a strong and unique password yourself. In this case, you can use a reliable tool that automatically generates passwords.

There are many excellent password generator tools available. You can use any of them you want.

Now that you have an idea about how many passwords are hacked every day, make sure to create a strong one using the tips presented here.

Also, using a safe password manager with multi-factor authentication goes a long way in ensuring online security.

If you have an opinion about this article, please feel free to comment below.

More about the topics: Cybersecurity