Overview
- The study aggregated more than two billion leaked credentials from Telegram channels and dark‑web forums after verification and de‑identification.
- The three most common passwords were “123456”, “12345678”, and “123456789”, used by millions of accounts globally.
- About 65.8% of examined passwords had fewer than 12 characters, with nearly one in four of the top 1,000 purely numeric and 38.6% containing “123”.
- Regionally flavored entries appeared, with “India@123” ranked 53rd and “minecraft” ranked 100th with tens of thousands of occurrences.
- Comparitech warns that weak, reused passwords enable account takeovers via credential stuffing and urges unique 12+ character passwords with two‑factor authentication.