Analysis of Over 5 Billion Leaked Passwords: Key Findings and Trends

By Ava McKinneyOnline Safety

Experts Analyze Over 5 Billion Leaked Passwords

In a recent study, experts examined approximately 5.1 billion unique login/password pairs. In this context, the login refers to an email address. Since the first password study in 2017, a total of 33.3 billion login/password pairs (including non-unique ones) have been analyzed.

The data sources for this analysis include various communities focused on password recovery from hashes (such as hashes.org and hashkiller.io) and underground forums where large-scale leaks are made publicly available.

The data is cleaned of “junk” (empty and duplicate entries). A special algorithm (filter) is used to identify and disqualify automatically generated passwords (those set by the service that suffered the leak, not by users themselves), as well as mass automated registrations (when accounts are created by bots on the affected service). Cyrillic characters are standardized to a single encoding.

Major Leaks in 2020

Notable leaks (over 30 million login/password pairs) included in this study for 2020:

  • Virtual pet community neopets.com – 68 million
  • Social network netlog.com – 53 million
  • Online community for writers and readers wattpad.com – 48 million
  • Photo sharing service fotolog.com – 42 million
  • Social network livejournal.com – 33 million

Note: The numbers above represent the count of “decrypted” passwords available at the time of the study, not the total size of the original leaks. Some of these leaks may have occurred before 2020 but only became publicly accessible that year.

Password Database Statistics

  • 5,108,611,469 total passwords (previously 4,883,711,954)
  • 848,134,618 passwords contain only digits (previously 779,281,749)
  • 1,335,889,957 passwords contain only letters (previously 1,275,706,800)
  • 13,381,165 passwords contain Cyrillic letters (previously 10,972,555)
  • 171,246,021 passwords contain letters, digits, and special characters (previously 159,948,243)
  • 3,300,865,676 passwords are 8 or more characters long (previously 3,126,556,695)
  • 840,680,047 passwords are longer than 10 characters (previously 792,123,298)
  • 1,091,415,435 passwords are shorter than 7 characters (previously 1,031,293,444)

Most Popular Passwords of All Time

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345
  5. password
  6. 12345678
  7. qwerty123
  8. 1q2w3e
  9. 111111
  10. 123123

Notably, “123123” entered the top 10, pushing “1234567890” down to 12th place.

Top 25 Most Popular Passwords of All Time

  1. 1234567
  2. 1234567890
  3. 000000
  4. qwertyuiop
  5. 123321
  6. 1234
  7. abc123
  8. 654321
  9. 666666
  10. 1q2w3e4r5t
  11. 7777777
  12. password1
  13. iloveyou
  14. 555555
  15. 123

Top 10 Passwords from 2020 Leaks

  1. 123456
  2. 123456789
  3. 111111
  4. Password
  5. 12345678
  6. 123123
  7. 12345
  8. 1234567
  9. 000000
  10. 1234567890

Top 10 Passwords Containing Only Letters

  1. qwerty
  2. password
  3. qwertyuiop
  4. iloveyou
  5. asdasd
  6. zxcvbnm
  7. qazwsx
  8. dragon
  9. asdfghjkl
  10. monkey

The password “unknown” (previously ranked 7th) was disqualified this year due to the filter.

Top 10 Passwords with Letters, Digits, and Special Characters

  1. 1qaz@WSX
  2. P@ssw0rd
  3. p@ssw0rd
  4. 1qaz!QAZ
  5. !QAZ2wsx
  6. Pa$$w0rd
  7. Password1!
  8. feder_1941
  9. !qaz2wsx
  10. abc123!

Several passwords from last year’s complex password ranking were disqualified this year by the filter, including “Aa123456.”, “)4ever”, “123456QQAqqa_”, “Spiritwear_2004”, “wowecarts@123”, and “film@123”.

Top 10 Cyrillic Passwords

  1. йцукен
  2. пароль
  3. я
  4. любовь
  5. привет
  6. наташа
  7. максим
  8. люблю
  9. марина
  10. андрей

Top 10 Passwords Disqualified by the Filter

  1. g_czechout
  2. DEFAULT
  3. 30media
  4. 10pace
  5. 59trick
  6. 24crow
  7. 59mile
  8. 19weed
  9. 66bob
  10. )ryan

Impact of COVID-19 on Passwords

The most significant event of last year was, of course, the COVID-19 pandemic. It’s interesting to see how the pandemic influenced user passwords.

Top 25 Passwords Related to Coronavirus and the Pandemic

  1. covid19
  2. корона
  3. epidemic
  4. COVID19_Access
  5. Covid19
  6. pandemic
  7. covid-19
  8. coronavirus
  9. COVID19
  10. covid2020
  11. epidemic5
  12. Covid2020
  13. epidemic1
  14. эпидемия
  15. pandemic1
  16. coronavirus1
  17. covidien
  18. covid2019
  19. Covid-19
  20. Coronavirus2020
  21. Covid2019
  22. Pandemic
  23. covid192020
  24. coronavirus19
  25. covid1984

Most Popular Logins (Email Addresses)

Top 10 Email Domains

  1. yahoo.com
  2. gmail.com
  3. hotmail.com
  4. mail.ru
  5. rambler.ru
  6. yandex.ru
  7. ya.ru
  8. qq.com
  9. aol.com
  10. bk.ru

There were no significant changes in the top 10 domains, only some entries swapped places.

Top 10 Most Popular Names

  1. info
  2. admin
  3. office
  4. mail
  5. contact
  6. sales
  7. adam
  8. webmaster
  9. john
  10. chris

The names “rambler.ru” and “mail.ru” were removed from this list as they were filtered out this year.

Leave a Reply