"Password Reuse at 60% as 1.5 Billion Combos Discovered Online"
Researchers at SpyCloud found nearly 1.5 billion breached login combos circulating online last year, along with billions of records, including personally identifiable information (PII). The researchers also found that password reuse and weak hashing algorithms were widespread. In 2020 there were 854 breaches, up a third from 2019, and each breach leaked 5.4 million records on average. SpyCloud found that 60% of credentials were reused across multiple accounts, exposing victims to credential stuffing and other brute-force tactics. Among the 270,000 .gov emails recovered, password reuse was even higher, at 87%. Nearly two million passwords contained “2020,” while almost 200,000 featured COVID-related keywords like “corona” and “pandemic.” The most common password was “123456,” followed by “123456789” and “12345678.” “Password” and “111111” also appeared more than 1.2 million times each. The researchers also found that a third (32%) of breached passwords were hashed with the weak MD5 algorithm, and 22% with SHA1. Only 17% of passwords were salted.
Infosecurity reports: "Password Reuse at 60% as 1.5 Billion Combos Discovered Online"