How many data breaches involved weak passwords in 2025?

According to the 2025 Verizon DBIR, 81% of hacking-related breaches involved weak or stolen passwords. IBM reports the average cost of a data breach reached $4.88 million in 2024.

Statistics April 12, 2025 · 7 min read

Password Security Statistics 2025: Breaches & Trends

Q: What percentage of people reuse passwords?

Multiple studies show that 65% of people reuse passwords across accounts, and 13% use the same password for everything. This makes credential stuffing one of the most effective attack vectors.

By YPass Team — Updated April 2025

Key Findings: 81% of hacking-related breaches involve weak/stolen passwords (Verizon DBIR). The average breach costs $4.88M (IBM). 65% of people reuse passwords. Only 28% use a password manager. Protect yourself with unique, high-entropy passwords from YPass and enable 2FA.

Data Breach Statistics

81%

of breaches involve weak/stolen passwords

$4.88M

average cost per data breach

277

days average to detect a breach

The 2025 Verizon Data Breach Investigations Report (DBIR) analyzed over 10,000 confirmed breaches and found that credential-related attacks remain the primary threat vector. IBM's Cost of a Data Breach Report puts the average cost at $4.88 million — a 10% increase from the previous year.

Password Reuse Statistics

65% of people reuse the same password across multiple accounts (Google)
13% use the same password for every single account (LastPass)
51% rely on memory for password management (Bitwarden)
Only 28% of consumers use a password manager (Security.org)
The average person has 100+ online accounts requiring passwords

Password Cracking Speeds (2025)

Modern GPU clusters can test billions of password combinations per second. According to Hive Systems:

Password Type	8 chars	12 chars	16 chars
Numbers only	Instant	1 second	2 hours
Lowercase only	Instant	3 weeks	1,000 years
Mixed case + digits	7 min	200 years	100B years
All character types	5 min	34K years	10T years

Credential Stuffing & Phishing

15 billion stolen credentials are available on the dark web (Digital Shadows)
Credential stuffing accounts for 34% of all login attempts across major websites
Phishing remains the #1 initial attack vector for 36% of breaches (Verizon DBIR)
79% of organizations experienced a phishing attack in 2024 (Proofpoint)

Most Common Passwords in 2025

According to NordPass, millions of people still use easily guessable passwords:

1. 123456< 1 sec

2. password< 1 sec

3. 123456789< 1 sec

4. qwerty< 1 sec

5. 12345< 1 sec

6. admin< 1 sec

How to Protect Yourself: Action Steps

Generate unique 16+ character passwords with YPass for every account
Enable two-factor authentication on all important accounts
Use a reputable password manager to store credentials
Check Have I Been Pwned for compromised accounts
Avoid the common password mistakes outlined in our guide

Frequently Asked Questions

How many breaches involved weak passwords in 2025?

81% of hacking-related breaches involved weak or stolen passwords, according to the 2025 Verizon DBIR. The average breach cost reached $4.88 million (IBM).

What percentage of people reuse passwords?

65% of people reuse passwords across accounts. 13% use the same password for everything. Only 28% of consumers use a password manager.

Sources: Verizon 2025 DBIR, IBM Cost of a Data Breach 2024, Hive Systems 2025, NordPass 2024

Password Security Statistics 2025: Breaches & Trends

Data Breach Statistics

Password Reuse Statistics

Password Cracking Speeds (2025)

Credential Stuffing & Phishing

Most Common Passwords in 2025

How to Protect Yourself: Action Steps

Frequently Asked Questions

Related Articles

Common Password Mistakes

Password Entropy Explained

Two-Factor Authentication Guide

Generate a Secure Password Now