How Many Passwords Are Hacked Every Day in 2025? (Key Facts)
Posts by Kelly IndahJuly 1, 2023
Having a password hacked is a serious issue. It means that whoever has hacked your password can access your account and do whatever they like until you realize the hack has occurred.
The severity of the damage will be directly related to which account has been hacked.
In all cases, it can be devastating.
For example, if you’ve had a social media account hacked then a hacker can post false information and opinions.
This can cause embarrassment and damage relationships. However, if your social media account is connected to a business it can cause serious reputational damage.
Naturally, you probably think that a hacker wouldn’t be after your account.
However, once you realize how many passwords are hacked every day, you may change your mind.
Key Statistics
- There were an estimated 2,244 hacks daily in 2007
- 143,000 passwords are stolen each day
- 36 billion records were stolen in 2020 – including passwords
- Over 80% of successful password hacks are due to weak passwords
- 30% of people avoid locking their phones
- 78% of young people use the same password on multiple accounts
- 57% of people store passwords on sticky notes
- 75% of attacks commence with phishing emails
How Many Passwords Are Hacked Every Day in 2025?
1. There Were an Estimated 2,244 Hacks Daily in 2007
In 2007 the University of Maryland undertook a research project to estimate how many passwords are hacked every day.
The surprising result was that one hacking attack occurs every 39 seconds.
Do the math and that translates to 2,244 hacking attacks a day.
Of course, that was 15+ years ago. Today, billions more people use the internet, making the total number of hacking attacks significantly higher.
(University of Maryland)
2. 143,000 Passwords Are Stolen Each Day
Of course, hacking attacks don’t correlate to passwords hacked. One hack can release one password, or it can release hundreds or thousands of them.
A study by Breach Alarm discovered that in excess of one million passwords are stolen every week. That means approximately 143,000 passwords are stolen daily.
The study was based on reported hacks, making it accurate although possibly still an underestimation. After all, how many people are too embarrassed to report a hack?
The study dates from 2019, meaning the figures are probably higher today.
(Breach Alarm)
3. 36 Billion Records Were Stolen in 2020 – Including Passwords
In 2020 Security Magazine conducted research into hacks and specifically the number of records that were stolen throughout the year.
They discovered that 36 billion records were stolen.
While some of these records contained passwords it’s impossible to know how many passwords were actually stolen. It was certainly a lot.
It’s worth noting that 2020 was one of the worst years on record as many people were working from home, where security is usually lower.
This was due to the global pandemic.
As internet user numbers grow, so does the number of records stolen.
(Security Magazine)
4. Over 80% Of Successful Password Hacks Are Due To Weak Passwords
Using weak passwords is practically the same as giving a hacker access to your accounts. A weak password can be hacked in minutes.
Hackers will usually use social engineering to create your profile. It will tell them your name, address, date of birth, family members, and hobbies.
That’s enough to guess any password based on those facts.
Most weak passwords are short and have a personal connection.
If you think using familiar data doesn’t happen then consider this, 59% of users will have either their name or their year of birth in their password.
(World Economic Forum)
5. 30% Of People Avoid Locking Their Phones
This is a surprising fact considering how easy it is to lock a phone. In fact, research shows that 28% of people between the ages of 18 and 29 don’t lock their phones.
That figure decreases to 24% for people between 30-49, and rises to 30% for anyone over 50.
Most people believe it isn’t an issue as they trust the people around them and it seems like a chore to unlock your phone every time you want to use it.
Of course, this trust can be misplaced as anyone with physical access to your phone can get into your accounts or steal passwords.
(Pew Research)
6. 78% Of Young People Use The Same Password On Multiple Accounts
The younger generation is more likely to get hacked. That statistic isn’t surprising as younger people tend to spend more time on the internet.
However, what is surprising is that, despite having a deeper understanding of the digital age, 78% of younger people were found to use the same password or more than one account.
That means, if a password gets hacked, the hacker will have access to multiple accounts.
In addition, the study found that 44% of people aged under 24 didn’t know what phishing was.
(Microsoft)
7. 57% Of People Store Passwords On Sticky Notes
A recent study by Keeper Security spoke to thousands of employees in the US. They discovered that 57% of those spoken to use sticky notes, or similar pieces of paper to store their passwords.
Of course, this means that anyone can see the password as they pass their desk or even go looking for it.
The fact that 67% of those storing passwords on sticky notes have lost the sticky note confirms stealing passwords is a real possibility.
Let’s face it, with this approach to security it’s too easy to steal the password.
(Keeper Security)
8. 75% Of Attacks Commence With Phishing Emails
Considering roughly half of young people don’t know what phishing is, it should be particularly alarming that a 2020 study by Round Robin found 75% of attacks start with a phishing email.
A good phishing email can have people passing over usernames, passwords, and other confidential information without realizing they are being scammed.
(Round Robin)
Concerns Re Password Hacking
Lose a password and the hacker gains access to your accounts. As mentioned, this can cause significant embarrassment and even damage a business.
But, if the hacker gains passwords to your financial accounts they can take your money, apply for loans on your behalf, and even steal your identity.
The result is a huge headache for you and potentially serious financial losses.
Protecting Yourself From Password Hackers
The good news is there are several steps you can take today to stop yourself from becoming a victim of password hacking.
In fact, the answer to how many passwords are hacked every day could be significantly lower if everyone took these simple security precautions.
Choose Strong Passwords
We’ve already established that over 80% of successful hacks are a result of weak passwords. It therefore makes sense to use strong passwords on all your accounts.
In a nutshell, this means choosing longer passwords.
You need to create passwords at least 12 characters long. The characters should include upper and lower case letters, numbers, and special characters.
The password shouldn’t be a name, instead choose random characters with no direct connection to you. This makes it virtually impossible for a hacker to guess your password.
In short, the more random the password, the better.
You should certainly change your password instantly if you are using any of the following common ones:
- 123456
- password
- qwerty
- 111111
- Guest
Understand & Avoid Phishing Scams
A phishing scam is when you are sent an email. It will appear to come from your bank or some other trusted financial institution.
The email will advise you of an issue with your account and ask you to login to check and, if necessary, notify them of the problem.
It will seem genuine and not a threat. It certainly won’t ask for money. But, it will provide a link to the login site.
You should never click on login links. Instead, go to the necessary page by typing its address in the browser.
Clicking on the phishing link will send you to a page that looks very similar to your normal login page.
The better the hacker the more accurate the page will appear.
Because you believe it is genuine you’ll login with your username and password. The attempt will fail but the hacker will have used the fake page to gain your login credentials.
They can then log into your account and extract all your funds, often before you realize what is happening.
If you receive an email from anyone telling you there is an issue with your account, proceed with extreme caution.
It is always safer to log into the account via your browser and enter the address yourself.
This is easier than scrutinizing the email address and every detail of the webpage to see if it is genuine or not.
Invest In A Password Manager
Creating a unique password for every account online is not only a daunting task, it will also seem impossible to memorize them all. However, you don’t need to.
The best approach is to install a reputable password manager. This will allow you to store all your passwords.
They will be encrypted, meaning no one other than you can read them.
The password manager is accessed using a password, that’s the only one you’ll need to remember.
This password is encrypted and stored on your server, making it extremely difficult to hack.
To make your passwords even stronger, you should use the password generator tool included with most password managers.
It creates passwords for you, ensuring they are completely random and have no connection to you.
Data Removal Tools
Data removal tools contact data brokers for you and ask them to remove your data from their systems. It’s a tedious process that makes it a little harder for hackers to create your profile.
It’s a useful option if you are trying to reduce your web presence.
But, the real beauty of these services is that they scan the dark web looking for data breaches.
In other words, they will advise you when your email/username or password has appeared on the dark web. This tells you to change the password immediately.
Change Regularly
Naturally, if a breach or hack occurs you should change your password instantly. However, you shouldn’t wait for a hack to change your password.
To help stay safe online and avoid being hacked, it’s advisable to change your passwords at least once every six months.
Once every three months is better.
Use Dual Factor Identification
This is an increasingly popular option and most businesses are starting to offer it with their apps.
If it’s available you should use dual factor authentication. It means a password isn’t enough to access your account. To complete the logging in process you need a unique code.
It’s sent to you during the login process.
If you opt to receive it by SMS then it is virtually impossible to intercept and a hacker will be unable to access your accounts, even if you’ve given them your username and password.
Summing Up
It’s impossible to answer how many passwords are hacked every day with an exact answer.
That’s because the number is constantly changing and not all password hacks are either detected or reported.
However, it is safe to say the number is large. Reports and statistics suggest thousands of hacks are performed every day.
While not all are successful, even one successful hack can result in thousands of compromised passwords.
Your best defense is to choose a strong password, change it regularly, and avoid using any password on more than one account.
It may seem like a hassle but it’s much easier than dealing with the aftermath of a password hack.