Back

Widespread Weak Passwords Lead to Massive Data Breaches

Severity: High (Score: 66.5)

Sources: www.kaspersky.com, heimdalsecurity.com

Summary

Between 2023 and 2026, over 231 million unique passwords were analyzed, revealing that 60% are weak enough to be cracked within an hour. A significant data leak in June 2025 exposed 16 billion stolen passwords, highlighting the vulnerability of user credentials. The 2025 Data Breach Investigations Report noted a 37% increase in brute force attacks, attributed to the prevalence of easily guessable passwords. The majority of users continue to reuse weak passwords across personal and business accounts, exacerbating the issue. Cybersecurity experts emphasize the need for stronger password management practices to mitigate these risks. The ongoing trend of password leaks and breaches poses a serious threat to millions of users globally. Key Points: • 60% of analyzed passwords are weak and can be cracked in under an hour. • A June 2025 leak revealed 16 billion stolen passwords, marking a significant breach. • Brute force attacks increased to 37% of successful web application attacks in 2025.

Key Entities

  • Brute Force (attack_type)
  • Credential Stuffing (attack_type)
  • Data Breach (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • China (country)
  • Germany (country)
  • United States (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • 2c103f2c4ed1e59c0b4e2e01821770fa (md5)
  • T1078 - Valid Accounts (mitre_attack)
  • T1110 - Brute Force (mitre_attack)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • Android (platform)
  • IOS (platform)
  • MacOS (platform)
  • Windows (platform)
  • RTX 4090 GPU (tool)
  • RTX 5090 GPU (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed