19 Billion Passwords Leaked: Experts Say Weak Re-Use Has Reached “Epidemic” Levels

The internet is facing an unprecedented surge of credential exposure after researchers uncovered 19 billion freshly leaked passwords in the wake of several headline-making data breaches. According to a new Cybernews analysis of 2025 password-creation trends, only six per cent of the credentials examined were unique. The remaining 94 per cent appeared in more than one account, leaving billions of users acutely vulnerable if even a single service is hacked.

Key findings

• Rampant re-use: Nearly one in ten passwords surfaced in at least ten separate accounts, a pattern that enables so-called “credential-stuffing” attacks.

• Minimal complexity: Roughly 30 per cent contained only lowercase letters and numbers; many relied on “123456,” “password,” or “admin.”

• Length shortfall: Fewer than 15 per cent exceeded the 12-character benchmark widely recommended by security professionals.

Cybernews researcher Neringa Macijauskaite labelled the situation “a widespread epidemic of weak password re-use,” warning that most users’ safety now depends on whether two-factor authentication (2FA) is enabled—and many accounts still lack it.

Recommended defences

1. Adopt a password manager to generate and store a unique, random passphrase for every service.

2. Retire recycled logins: Minimum 12 characters (ideally 16) with upper- and lowercase letters, numbers and special symbols—no dictionary words or simple sequences.

3. Turn on multi-factor authentication wherever it is offered; an extra verification step dramatically cuts the risk of account takeover.

Corporate actions

• Enforce strict password policies—length and complexity trump memorability.

• Hash and salt stored credentials with modern algorithms and monitor them for real-time leaks.

• Run regular access-control reviews and security audits to limit blast radius if a breach occurs.

With cyber-criminal tactics evolving daily, both individuals and organisations must tighten credential hygiene or risk becoming part of the next megabreach.

Up your cyber security knowledge through our leading security training programme HERE.

Photo Credit: DepositPhotos.com