A recent study by Cybernews has uncovered alarming statistics about global password security, revealing that over 19 billion passwords leaked between April 2024 and early 2025 were mostly reused or duplicated. Analyzing data from around 200 cybersecurity breaches—including high-profile incidents involving Snowflake and SOCRadar.io—the study showed that 94% of the passwords were not unique, significantly increasing vulnerability to cyberattacks.
The most frequently used passwords included simplistic combinations such as "1234", which appeared in nearly 727 million cases, and "123456", found around 338 million times. Other popular choices were “password” (used about 56 million times), “admin” (53 million), and “pass” in various forms. Personal names, especially “Ana”, and emotionally resonant terms like “love”, “joy”, “freedom”, and “dream” were also widespread.
The report also found a surprising volume of passwords containing profanities and casual words, such as “fuck”, “shit”, and “bitch”, and food-related terms like “apple”, “rice”, and “pizza”. Pop culture and brand names like “mario”, “batman”, “google”, “facebook”, and “kia” also ranked high among the leaked credentials.
Cybernews noted that most users favored passwords with 8–10 characters using only lowercase letters and numbers, a weak format that can be easily compromised. However, there was a slight improvement in complexity: in 2022, only 1% of passwords used a combination of upper and lowercase letters, numbers, and symbols. That number rose to 19% in the recent analysis.
The report urges users to adopt stronger password practices, including using longer and more complex passwords and enabling two-factor authentication. As breaches continue to grow in size and frequency, better personal cybersecurity habits are becoming increasingly essential.
Bd-pratidin English/ Jisan
