Key Takeaways
- 3.2 billion credentials from 100+ breaches in 2022
- LinkedIn breach exposed 700 million passwords in 2021
- Yahoo's 2013 breach leaked 3 billion accounts
- 81% of hacking-related breaches leveraged weak, default, or stolen passwords in 2023
- In 2022, credential stuffing attacks accounted for 30% of all breaches
- 74% of breaches in 2021 involved compromised credentials
- MFA reduces unauthorized access by 99.9%
- Passwordless logins block 99% of automated attacks
- Password managers prevent 80% of reuse issues
- Average password cracked in 7 seconds with modern hardware
- 83% of passwords can be cracked in under a day
- Top 10,000 passwords crack 98% of attempts offline
- 68% of people reuse passwords across accounts
- 59% of users share passwords with others
- Only 24% use password managers regularly
Billions of breached passwords prove credential reuse and weak defenses still drive most password attacks.
Related reading
01 · Category
Data Breaches Involving Passwords26 stats
Data Breaches Involving Passwords Interpretation
02 · Category
Incidence Rates29 stats
Incidence Rates Interpretation
03 · Category
Mitigation Strategies30 stats
Mitigation Strategies Interpretation
More related reading
04 · Category
Password Vulnerabilities30 stats
Password Vulnerabilities Interpretation
05 · Category
User Habits30 stats
User Habits Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Rachel Svensson. (2026, February 13). Password Hacking Statistics. Gitnux. https://gitnux.org/password-hacking-statistics
Rachel Svensson. "Password Hacking Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/password-hacking-statistics.
Rachel Svensson. 2026. "Password Hacking Statistics." Gitnux. https://gitnux.org/password-hacking-statistics.
Sources & references
94 datasets cited across this report · attribution is report-level

