Global Data Leak Exposes Millions Still Relying on Weak Passwords
In a troubling revelation for cybersecurity, a recent report has found that millions of individuals worldwide are still employing weak and easily hackable passwords as of 2025. The analysis, conducted by Comparitech, examined over two billion passwords that were leaked in data breaches this year, highlighting a continuing trend of poor password practices among users.
The study’s findings indicate that the most commonly used password remains “123456,” a simple combination that underscores the persistent issue of password vulnerability. The top three passwords identified were “123456,” “12345678,” and “123456789,” with each utilized by millions of accounts across the globe. Other passwords in the top ten included familiar terms like “admin” and “password,” as well as straightforward numerical sequences like “12345” and “1234.”
Significantly, approximately 25% of the most popular 1,000 passwords consisted solely of numbers, and 38.6% included the sequence “123.” Variations of the term “password” were identified in nearly 4% of cases, while “admin” appeared in 2.7%. This data illustrates a disturbing lack of user awareness regarding online security protocols, as individuals prioritize convenience over robust account protection.
The report also shed light on region-specific password trends, noting that “India@123” ranked at number 53. Additionally, “minecraft,” a term likely influenced by the popular video game, ranked 100th with nearly 90,000 occurrences. This regional variance suggests that local culture can influence password choices, further complicating the landscape of cybersecurity.
Experts advise that passwords should contain at least 12 characters to maximize security, as longer passwords are less susceptible to hacking attempts. However, the findings reveal that a staggering 65.8% of the passwords assessed were under this recommended length, placing these accounts at a significantly increased risk of compromise.
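The weak-password categories the report measures can be turned into a screening check at password-set time. The following is an added example, not code from Comparitech or the report; the function names, the character-substitution map and the sample list are assumptions constructed for illustration, while the 12-character minimum and the categories come from the article.

```python
import re
from collections import Counter

MIN_LENGTH = 12  # minimum length recommended in the article

# Assumption: a small substitution map so that spellings such as
# "p@ssw0rd" or "adm1n" count as variants of "password" / "admin".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s",
                      "5": "s", "1": "i", "!": "i", "3": "e"})

CATEGORIES = ("short", "digits_only", "contains_123",
              "password_variant", "admin")


def weaknesses(password: str) -> list[str]:
    """Return the report's weak-password categories this password falls into."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    found = []
    if len(password) < MIN_LENGTH:
        found.append("short")
    if re.fullmatch(r"[0-9]+", password):
        found.append("digits_only")
    if "123" in password:
        found.append("contains_123")
    if "password" in lowered or "password" in normalized:
        found.append("password_variant")
    if "admin" in lowered or "admin" in normalized:
        found.append("admin")
    return found


def audit(candidates: list[str]) -> dict[str, float]:
    """Percentage of candidates in each category (0.0 for an empty list)."""
    counts = Counter(c for pw in candidates for c in weaknesses(pw))
    total = len(candidates) or 1
    return {c: round(100 * counts[c] / total, 1) for c in CATEGORIES}


# Constructed sample: the passwords named in the article plus one passphrase.
SAMPLE = ["123456", "12345678", "123456789", "admin", "password", "12345",
          "1234", "India@123", "minecraft", "correct-horse-battery-staple"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r}: {weaknesses(pw) or 'passes'}")
    print(audit(SAMPLE))
```

The check belongs where the plaintext is briefly available (registration or password change), since properly hashed stored passwords cannot be inspected this way.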
Despite the heightened awareness of cybersecurity threats and data breaches, many users continue to opt for ease of use. Such behavior raises important concerns about the effectiveness of current security practices and highlights the ongoing challenge of educating users in safeguarding their digital assets.
From a cybersecurity perspective, various MITRE ATT&CK tactics may have been employed by malicious actors to exploit these vulnerabilities. Tactics such as Initial Access, where attackers gain entry through weak passwords, and Persistence, where they maintain access to compromised accounts, exemplify the risks associated with poor password hygiene. Such vulnerabilities serve as entry points for more extensive attacks, making it imperative for business owners to recognize the security risks tied to inadequate password practices.
The findings emphasize the critical need for effective password management strategies tailored for both individual users and organizational policies. As the digital landscape evolves, prioritizing secure password protocols will be essential in safeguarding against future breaches.