GITNUXREPORT 2025

Password Hacking Statistics

Most breaches result from weak, reused, or stolen passwords worldwide.

Jannik Lindner

Jannik Linder

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: April 29, 2025

Our Commitment to Accuracy

Rigorous fact-checking • Reputable sources • Regular updatesLearn more

Key Statistics

Statistic 1

Phishing attacks account for over 90% of breaches with stolen passwords

Statistic 2

Password guessing attacks are responsible for over 80% of hacking attempts on web services

Statistic 3

The number of credential stuffing attacks increased by 300% from 2018 to 2022

Statistic 4

Automated password guessing tools can crack 1 million passwords in less than 3 hours

Statistic 5

91% of cyberattacks start with a phishing email that captures passwords

Statistic 6

An estimated 20% of users create passwords based on their personal information, which can be easily obtained via social media

Statistic 7

87% of people never update their passwords on certain accounts, leaving them vulnerable over time

Statistic 8

Password sharing among employees or friends is still common, with 40% reporting sharing passwords at least once

Statistic 9

The average account takes 10 hours and 23 minutes to recover after a breach involving compromised passwords

Statistic 10

The cost of a data breach involving stolen passwords averages $4.35 million

Statistic 11

60% of people reuse passwords across multiple accounts

Statistic 12

52% of people use the same password for work and personal accounts

Statistic 13

The average person has 80-100 passwords but remembers only 10

Statistic 14

23 million passwords are reused across websites by Just 1000 most common passwords

Statistic 15

93% of corporate users reuse passwords, increasing vulnerability

Statistic 16

Password reuse across sites creates security vulnerabilities in 81% of breaches

Statistic 17

70% of users reuse their passwords across multiple platforms, increasing breach risks

Statistic 18

55% of individuals admit to using the same password on multiple sites, heightening breach impact

Statistic 19

81% of data breaches are due to weak or stolen passwords

Statistic 20

81% of hacking-related breaches leverage stolen or weak passwords

Statistic 21

Brute-force attacks can crack simple passwords within minutes

Statistic 22

59% of users create passwords based on easily guessable information

Statistic 23

30% of passwords are among the top 1000 used worldwide

Statistic 24

81% of hacking-related breaches involve weak passwords

Statistic 25

Nearly 50% of data breaches relate to weak or stolen passwords

Statistic 26

64% of companies have experienced a data breach caused by weak password security

Statistic 27

61% of breaches involve compromised credentials

Statistic 28

39% of hacking incidents are caused by stolen passwords

Statistic 29

53% of adults have set a password that is 123456 or password, common weak passwords

Statistic 30

More than 7 million passwords are leaked online every day

Statistic 31

Known passwords like "password" and "123456" account for 82% of passwords used

Statistic 32

81% of data breaches involve weak or stolen passwords

Statistic 33

81% of hacking breaches involve stolen or weak passwords

Statistic 34

It takes a brute-force attack around 5 minutes to crack a password of 6 characters

Statistic 35

39% of data breaches are caused by compromised or weak passwords

Statistic 36

The likelihood of a password being guessed increases exponentially with simplicity, with 1 in 5 passwords being extremely weak

Statistic 37

90% of hacked accounts are accessed via stolen or weak passwords

Statistic 38

17% of users create passwords that are the same as their pet's name, making it easier for hackers to guess

Statistic 39

63% of cybercrimes involve password hacking

Statistic 40

92% of people believe that strong passwords are critical for online security

Statistic 41

65% of users change their passwords after a security breach, but many do not use strong passwords afterward, with only 31% adopting multi-factor authentication

Statistic 42

75% of passwords can be cracked within a few hours using brute-force methods

Statistic 43

Less than 20% of users utilize multi-factor authentication, despite it being highly effective against hacking attempts

Statistic 44

90% of hacking-related breaches involve the use of stolen credentials

Statistic 45

Password managers can secure over 50 passwords per user, reducing the need to remember multiple passwords

Statistic 46

60% of hackers say they target weak passwords because they are easier to crack

Statistic 47

46% of organizations have experienced a breach due to weak passwords

Statistic 48

95% of accounts can be breached with simple password lists within minutes

Statistic 49

Hackers successfully access 50% of corporate accounts using compromised credentials

Statistic 50

Only 25% of users employ passwords longer than 12 characters, reducing security effectiveness

Statistic 51

57% of online adults use at least one weak password, making their accounts more vulnerable

Statistic 52

98% of hackers believe that passwords remain the weakest link in cybersecurity

Statistic 53

1 in 4 web users use 'password' as their password, despite warnings

Statistic 54

78% of small businesses have experienced a breach caused by weak or stolen passwords

Statistic 55

79% of hacking incidents involve the use of simple or reused passwords

Statistic 56

92% of organizations report that stolen passwords are a primary cause of data breaches

Slide 1 of 56
Share:FacebookLinkedIn
Sources

Our Reports have been cited by:

Trust Badges - Publications that have cited our reports

Key Highlights

  • 81% of data breaches are due to weak or stolen passwords
  • 81% of hacking-related breaches leverage stolen or weak passwords
  • 60% of people reuse passwords across multiple accounts
  • 52% of people use the same password for work and personal accounts
  • The average person has 80-100 passwords but remembers only 10
  • Brute-force attacks can crack simple passwords within minutes
  • 59% of users create passwords based on easily guessable information
  • 30% of passwords are among the top 1000 used worldwide
  • 23 million passwords are reused across websites by Just 1000 most common passwords
  • 81% of hacking-related breaches involve weak passwords
  • Nearly 50% of data breaches relate to weak or stolen passwords
  • 91% of cyberattacks start with a phishing email that captures passwords
  • 64% of companies have experienced a data breach caused by weak password security

Did you know that over 80% of data breaches are caused by weak or stolen passwords, highlighting a hidden vulnerability that millions unknowingly carry?

Cyberattack Methods and Techniques

  • Phishing attacks account for over 90% of breaches with stolen passwords
  • Password guessing attacks are responsible for over 80% of hacking attempts on web services
  • The number of credential stuffing attacks increased by 300% from 2018 to 2022
  • Automated password guessing tools can crack 1 million passwords in less than 3 hours

Cyberattack Methods and Techniques Interpretation

These jaw-dropping statistics reveal that while hackers are rapidly refining their password-cracking arsenals—making credential stuffing a 300% more common threat—jjetecting and defending against these cyber-assailants demands vigilance, innovation, and a shift away from predictable password practices.

Human Behavior

  • 91% of cyberattacks start with a phishing email that captures passwords
  • An estimated 20% of users create passwords based on their personal information, which can be easily obtained via social media
  • 87% of people never update their passwords on certain accounts, leaving them vulnerable over time
  • Password sharing among employees or friends is still common, with 40% reporting sharing passwords at least once

Human Behavior Interpretation

These grim statistics reveal that the vast majority of cyber breaches are built on simple human errors—such as falling for phishing, using personal info, neglecting password updates, or sharing credentials—making cybersecurity as much about educating people as installing firewalls.

Impact and Consequences of Data Breaches

  • The average account takes 10 hours and 23 minutes to recover after a breach involving compromised passwords
  • The cost of a data breach involving stolen passwords averages $4.35 million

Impact and Consequences of Data Breaches Interpretation

With the clock ticking over 10 hours to recover and a staggering $4.35 million price tag per stolen password breach, it's clear that in today's digital age, securing your credentials isn't just wise—it's essential to avoid dollars and downtime alike.

Password Reuse and Human Behavior

  • 60% of people reuse passwords across multiple accounts
  • 52% of people use the same password for work and personal accounts
  • The average person has 80-100 passwords but remembers only 10
  • 23 million passwords are reused across websites by Just 1000 most common passwords
  • 93% of corporate users reuse passwords, increasing vulnerability
  • Password reuse across sites creates security vulnerabilities in 81% of breaches
  • 70% of users reuse their passwords across multiple platforms, increasing breach risks
  • 55% of individuals admit to using the same password on multiple sites, heightening breach impact

Password Reuse and Human Behavior Interpretation

With over half of users recycling passwords across accounts—often with the same ones—it's no wonder that a staggering 81% of breaches exploit this habit, turning the digital vaults into easy pickings for cybercriminals; perhaps it’s time we realized that in cybersecurity, habit makes the hacker.

Password Security and Strength

  • 81% of data breaches are due to weak or stolen passwords
  • 81% of hacking-related breaches leverage stolen or weak passwords
  • Brute-force attacks can crack simple passwords within minutes
  • 59% of users create passwords based on easily guessable information
  • 30% of passwords are among the top 1000 used worldwide
  • 81% of hacking-related breaches involve weak passwords
  • Nearly 50% of data breaches relate to weak or stolen passwords
  • 64% of companies have experienced a data breach caused by weak password security
  • 61% of breaches involve compromised credentials
  • 39% of hacking incidents are caused by stolen passwords
  • 53% of adults have set a password that is 123456 or password, common weak passwords
  • More than 7 million passwords are leaked online every day
  • Known passwords like "password" and "123456" account for 82% of passwords used
  • 81% of data breaches involve weak or stolen passwords
  • 81% of hacking breaches involve stolen or weak passwords
  • It takes a brute-force attack around 5 minutes to crack a password of 6 characters
  • 39% of data breaches are caused by compromised or weak passwords
  • The likelihood of a password being guessed increases exponentially with simplicity, with 1 in 5 passwords being extremely weak
  • 90% of hacked accounts are accessed via stolen or weak passwords
  • 17% of users create passwords that are the same as their pet's name, making it easier for hackers to guess
  • 63% of cybercrimes involve password hacking
  • 92% of people believe that strong passwords are critical for online security
  • 65% of users change their passwords after a security breach, but many do not use strong passwords afterward, with only 31% adopting multi-factor authentication
  • 75% of passwords can be cracked within a few hours using brute-force methods
  • Less than 20% of users utilize multi-factor authentication, despite it being highly effective against hacking attempts
  • 90% of hacking-related breaches involve the use of stolen credentials
  • Password managers can secure over 50 passwords per user, reducing the need to remember multiple passwords
  • 60% of hackers say they target weak passwords because they are easier to crack
  • 46% of organizations have experienced a breach due to weak passwords
  • 95% of accounts can be breached with simple password lists within minutes
  • Hackers successfully access 50% of corporate accounts using compromised credentials
  • Only 25% of users employ passwords longer than 12 characters, reducing security effectiveness
  • 57% of online adults use at least one weak password, making their accounts more vulnerable
  • 98% of hackers believe that passwords remain the weakest link in cybersecurity
  • 1 in 4 web users use 'password' as their password, despite warnings
  • 78% of small businesses have experienced a breach caused by weak or stolen passwords
  • 79% of hacking incidents involve the use of simple or reused passwords
  • 92% of organizations report that stolen passwords are a primary cause of data breaches

Password Security and Strength Interpretation

With over 80% of breaches linked to weak or stolen passwords—despite knowing that complex, unique credentials and multi-factor authentication can drastically reduce risk—it's clear that in cybersecurity, lazy password habits are the weakest link hackers love to exploit.