• News
    • Tech News
    • AI
  • Gadgets
    • Apple
    • iPhone
  • Gaming
    • Playstation
    • Xbox
  • Science
    • News
    • Space
  • Streaming
    • Netflix
  • Vehicles
    • Car News
  • Social Media
    • WhatsApp
    • YouTube
  • Advertise
  • Terms
  • Privacy & Cookies
  • LADbible Group
  • LADbible
  • UNILAD
  • SPORTbible
  • GAMINGbible
  • Tyla
  • FOODbible
  • License Our Content
  • About Us & Contact
  • Jobs
  • Latest
  • Topics A-Z
  • Authors
Facebook
Instagram
X
TikTok
Snapchat
WhatsApp
Submit Your Content
Experts urge people to act fast as 19,000,000,000 passwords are leaked in major hack

Home> News> Tech News

Published 12:48 7 May 2025 GMT+1

Experts urge people to act fast as 19,000,000,000 passwords are leaked in major hack

Another day, another cyber attack

Tom Chapman

Tom Chapman

We're all warned about the continued dangers of cyber attacks in 2025, but according to a new report, things could be even more desperate than we first thought.

Cybersecurity crackdowns are everywhere, but unfortunately, that doesn't stop bad actors from slipping through the virtual net and getting into our private details.

Microsoft has already tried to ditch password sign-ins as an attempt to bamboozle hackers, and as we've seen, it can take mere milliseconds to crack the average password.

Advert

Forbes' Davey Winder has been keeping an eye on the password pandemic, previously estimating that passwords finding their way onto the dark web has risen from 800 million to up to 2.1 billion.

The password pandemic is only getting worse (Richard Newstead / Getty)
The password pandemic is only getting worse (Richard Newstead / Getty)

In a new report, Winder claims that infostealer malware attacks could be responsible for even more leaks, potentially meaning a jaw-dropping 19 billion passwords are out there and up for grabs.

Since April 2024, there have apparently been 200 security incidents, leading to 19,030,305,929 hacked passwords being readily available online.

Advert

Winder warns: "The takeaway being that you need to take action now to prevent becoming a victim of the automatic password hacking machine epidemic."

He blames 'password laziness and reuse', with only 6% (1,143,815,266) of the 19 billion being unique. When you realize 94% of these passwords were reused across accounts and services, it shows why cybercriminals are likely rubbing their hands right now.

Added to this, 42% of the passwords were said to be in the short range of 8-10 characters in length, while 27% consisted of only lowercase letters and digits without special characters or mixed case.

Cybernews information and security researcher Neringa Macijauskaitė said: "The default password problem remains one of the most persistent and dangerous patterns in leaked credential datasets."

Advert

We all know about the passwords that are most commonly used, with the breach showing 53 million uses of 'admin' and a baffling 56 million users of 'password'.

Macijauskaitė added: "Attackers, too, prioritize them, making these passwords among the least secure."

It's easier than ever for hackers to get into your personal details (boonchai wedmakawand / Getty)
It's easier than ever for hackers to get into your personal details (boonchai wedmakawand / Getty)

We're also told never to reuse passwords across multiple platforms. While it might be a faff to try and remember unique passwords for each individual service, considering how many we have these days, Macijauskaitė concluded: "If you reuse passwords across multiple platforms, a breach in one system can compromise the security of other accounts, creating a domino effect

Advert

“Attackers constantly harvest the latest credential dumps from exposed info-stealers and recently cracked hashes available publicly.

"These fresh datasets enable waves of highly effective credential-stuffing attacks, often bypassing traditional security defenses."

In terms of where we're being targeted, Paul Walsh, CEO of MetaCert and co-founder of the W3C Mobile Web Initiative in 2004, reiterated that the latest national SMS phishing test carried out by MetaCert showed that the likes of T&T, Verizon, and T-Mobile failed to stop phishing messages from being delivered.

Walsh has written an open letter explaining: "The cybersecurity industry has no shortage of experts in email security, endpoint protection, or network defense, but when it comes to SMS infrastructure and security, there is a distinct lack of deep expertise."

Advert

It seems that our smartphones are the latest to be targeted by hackers, so don't click any of those unknown links and send your passwords out into the world.

Featured Image Credit: Rawf8 / Getty
Cybersecurity
Tech News

Advert

Advert

Advert

  • Users left deeply concerned as Microsoft announces major move to a 'passwordless' world
  • 'Catastrophic' security breach as 31,000,000 passwords are stolen in Internet Archive hack
  • CEO warns employees are 'doomed' in shocking leaked email urging people to act now on AI
  • FBI issues urgent public warning after 13 popular internet routers are hacked

Choose your content:

3 hours ago
5 hours ago
6 hours ago
  • 3 hours ago

    Crypto boss issues brutal public response to hackers after they demand $20,000,000 ransom

    The head of Coinbase revealed the company will not be paying up

    News
  • 5 hours ago

    World's biggest lithium reservoir with $1,500,000,000,000,000 worth of the precious metal hiding in supervolcano

    This could turn the US into a leading global supplier of the valuable metal

    Science
  • 5 hours ago

    Trump reignites bid to take over Greenland following stunning discovery beneath the ice

    Greenland could become a crucial territory in the potential World War III

    News
  • 6 hours ago

    College student demanded her tuition fees back after she caught her professor doing the one thing he asked students not to

    It shouldn't be one rule for one, one for another

    News