41% of users use compromised passwords – Cloudflare

18 March 2025. Author: Newsman

A Cloudflare analysis has shown that 41% of users use compromised passwords when logging into network services. This paves the way for large-scale attacks and account hacking.

Cloudflare analyzed traffic from September to November 2024. The results showed that a significant proportion of successful logins to sites are carried out using passwords that have previously been leaked. This means that hackers have a large database of stolen passwords in their arsenal and are actively using them to hack accounts.

The figure is even more alarming, 52%, when all authorization attempts are counted, including unsuccessful ones. Botnets constantly run credential stuffing attacks, that is, automated login attempts with passwords taken from merged leak databases. According to Cloudflare, 95% of all authorizations carried out using leaked passwords are the work of bots. Content management systems (CMS) such as WordPress, Joomla and Drupal are especially often at risk. On WordPress, 76% of login attempts with stolen passwords end successfully, and half of them are bot attacks.

  • The problem of password reuse is extremely relevant, because users often use the same password for different services. This creates a domino effect – by hacking one account, attackers can gain access to other services.
  • Even after significant data leaks, many users do not change their passwords or do so partially, using minor variations. This gives criminals the opportunity to quickly find working combinations and gain control over accounts.

Cloudflare’s research clearly demonstrates that ignoring cybersecurity rules creates serious risks for users. Experts strongly recommend using unique passwords, password managers and multi-factor authentication to protect your accounts.
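The "minor variations" problem described above can be caught on the service side at password-change time. The following is an added example, not code from Cloudflare or from the original article: the function names, the normalization rules and the three-entry breached set are assumptions constructed for illustration.

```python
import hashlib
import re

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

# Constructed sample standing in for a breached-password corpus (assumption:
# the corpus is available as SHA-1 digests of the leaked passwords).
BREACHED = {sha1_hex(p) for p in ("password", "dragon", "summer2023")}

# Common character substitutions to undo before comparing (assumed rule set).
LEET = str.maketrans("013457@$", "oieastas")

def stem(password):
    """Reduce a password to its core word: lowercase, strip leading and
    trailing digits/symbols, then undo simple character substitutions."""
    s = password.lower()
    s = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s) or s  # keep all-digit passwords
    return s.translate(LEET)

def check_new_password(old, new, breached=BREACHED):
    """Return a rejection reason, or None if the new password passes."""
    if sha1_hex(new) in breached:
        return "breached"               # exact match with a leaked password
    if stem(new) == stem(old):
        return "variation_of_old"       # e.g. only the year or suffix changed
    if sha1_hex(stem(new)) in breached:
        return "variation_of_breached"  # decorated form of a leaked password
    return None

if __name__ == "__main__":
    samples = [("Summer2023", "Summer2024!"), ("Summer2023", "P@ssw0rd!"),
               ("Summer2023", "dragon"), ("Summer2023", "tidal-orbit-lantern-42")]
    for old, new in samples:
        print(f"{new!r}: {check_new_password(old, new)}")
```

The old password is available in plaintext only during the change request, when the user submits it for verification, so the comparison has to happen at that moment and neither value should be stored.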
