The Risks of Reusing Passwords on Multiple Sites

Risks of Reusing Passwords

In a world where uncertainties surround our everyday activities, it’s essential to be cautious of our every move. The internet, like most offline activities, is packed with different kinds of criminals. If not careful, most of your online activities could expose you to losses, some of which could directly impact your reputation.

While most online securities seem to focus on monetary losses, significant conversations are now shifting to why it’s happening – reusing passwords.

It is human nature to look for easier ways around every task. For example, most prefer to use similar passwords for several sites when operating numerous sites because it’s easier to remember.

It’s just the tip of the iceberg.  Loss and damage done by data breaches that happened due to password misuse are more than one’s imagination. We have collected the password reuse statistics and summed up the top 30 breaches that took place until 2021.

You will find these articles interesting:

S. No.


Data Breach


Damage Happened and Affected Users



The adult video streaming website faced the bolt of data breach and compromised information safety when the password of its cloud storage was hacked.


10.88 billion Records.



This is one of the longest-running data breaches. More than 1 billion Yahoo users have to face personal information leaks. By the end of 2017, the total number of affected users reached 3 billion.  Due to the breach, Yahoo requested end-users to change their passwords.


3 billion records



Aadhaar, India’s citizen data record, has to face the wrath of a data breach in 2018 when a state-owned data system suffered from a data leak.  Due to the data leak, hackers could access citizens’ personal information, like names, biometrics, and bank details.


1.1 billion


First American Financial Corporation

It was one of the biggest finance data breaches in history because crucial details like wire transaction details, social security numbers, and mortgage details were leaked.


885 million users


Verifications. Io

Poor password handling can cause chaos in more than one’s imagination. Verifications.Io is its live example. This email verification service exposed details of the huge database and made it accessible to everyone. The database was left unmonitored and without any password.  The information leaked involved phone numbers, IP addresses, DoB, and users’ gender.


763 million



Data breaches are so common that big guns like LinkedIn are not safe from their bolt.  LinkedIn, despite adopting best practices, fell into the hacker trap and exposed the personal information of its 92% of users.  The hacker dumped the stolen data on the dark web in two waves.


700 million users



It was not Facebook’s fault. Yet, the social medium giant faced the public brunt when its third-party app, UpShot, faced data leaks.


533 million users


Starwood- Marriott

When the Starwood-Marriott merger was happening, hackers took benefit of the opportunity and leaked customers’ details.


500 million users



Data collected over 20 years were in public when an adult website faced a data breach.


412 million users



A Russian hacker broke into the database of  MySpace and leaked information like listed names, usernames, and birthdays.


360 million



Exactis, a Florida-based marketing firm, revealed its customer information like people’s phone numbers, home, and email addresses, interests, and the number, age, and gender as an after-effect of database hacking.


340 million



Due to a glitch in the database that stores user passwords, the user password was revealed to everyone.


330 million users



It was shocking for NetEase users to see their user passwords in hacking forums.  The organization faced a data breach and had to compromise the email and passwords of the users.


234 million users



Sociallarks, China’s growing social media platform, faced data breaches just because its servers were not using strong passwords.


200 million users


Deep Root Analytics

Records of US voters were accessible easily when the database of Deep Root Analytics faced a data breach.


200 million users



The hacker gets into the data records of Experian by impersonating a business-selling worker and hacking information like credit card and social security numbers.


200 million users



Adobe users had to compromise their personal information security when someone hacked the database and gained access to information like username and email ID.  Upon investigation, it came to the notice that the hacking happened as the website was using poor encryption. The hacker gets to know the passwords by simply guessing.


213 million users



The fitness app, owned by Under Armour,  leaked user information such as email addresses, login credentials, and usernames after facing a data breach. This information was stored as  SHA-1 and crypt hashes which were easy to decode. The hacker put the data for sale on the dark web.


150 million users



The genealogical service website had to disappoint its 92 million users when a hacker got access to its databases. Though the incident happened in 2017, it wasn’t made public until 2018. The incident was first reported by a security researcher when he spotted a file on a private server featuring user details.  After the incident was reported, the company took immediate steps and conducted a proper investigation.


92 million users



Spotify, the live music streaming platform, fell into the nippers of a data breach when a hacker hacked its database. The firm does not reveal the total number of affected users. The platform has to reset all of its passwords after the incident. It’s been anticipated that information like email, display image, profile image, and playlist will be exposed.


Not Disclosed


Tufts Health Plan, Aetna, Blue Cross Blue Shield &EyeMe

Because of the phishing attack, the alliance has to leave its user data unprotected. Information like names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, and health insurance account/identification numbers were revealed.  In some data leaks, details of passports were also revealed.



484,157 Athena and 60,545 Tufts Health Plan users


Expedia, &

These three online booking giants were victims of hacking and data breaches when the reservation platform faced a data leak.  This third-party data leak was massive and forced the auto-cancelation of a few bookings. Details like the price paid per night, reservation dates, emails, names, and many more were leaked. A few customers complained that their CVV details and card details were also compromised.


10 million



This cloud-based fundraising vendor becomes a victim of ransomware at the beginning of February 2020. The incident remained unnoticed until March 2020. The vendor paid the ransom. Yet, the hacker copied over 6 million user data and leaked it later.


Inova Health(1.5 million users), Saint Luke’s Foundation (360,212), MultiCare Foundation (300,000), Spectrum Health (52,711), Northwestern Memorial HealthCare (55,983), and Main Line Health (60,595).


Microsoft Exchange

Hackers identified the flaws in the Microsoft Exchange server and took advantage of the situation. There were four security flaws and bugs on the server. Because of the flaw, many small businesses, towns, cities, and State-related data were compromised. The hacker gained control of the server and allowed him to steal the data. After understanding the situation, Microsoft releases security patches for the bugs.


30,000 organizations



Though T-Mobile didn’t reveal the total number of affected users, it was confirmed that the mobile service provider faced cyber hacking. The hacker used the SIM swap or SIM hijacking technique wherein the attacker could gain full control over the attacked phone number. Customers will get messages and calls to share the information. The information exposed can be related to banks, emails, names, addresses, etc. In some cases, social security numbers (SSNs), account personal identification numbers (PINs), and account security details can be compromised.


Not Disclosed


Collection 1

The leading cloud storage site was a victim of hacking in 2019 and had to lose information stored from 2008. The stolen information was left unprotected in a hacking forum.


773 million users


US Cellular

US Cellular, the fourth leading wireless carrier, fell into the nippers of hacking and was able to scam the employees into downloading malicious software. The software was downloaded from the employees’ software. The software was so powerful that once downloaded, hackers were able to gain access to all the software used by the company.


4.9 million


Town of Salem Video Game

Details of 7.6 online gamers were stolen by malicious hackers when the server, storing details like name, email ID, and password got corrupted. Other than this, information like IP addresses and security questions was also leaked.


7.6 million users



In this massive banking and mortgage data leak incident, more than 24 million data were left unprotected for a period of two weeks. When the source of the data leak was traced, it was figured out that there was a technical glitch in the company server. Financial information related to addresses, birth, social security numbers, and other financial details were revealed.


24 million



Canva is a huge online graphic tool that helps create amazing designs. Despite adopting commendable security practices, the platform suffered from a data breach that impacted 137 million users. The information compromised was related to email, cities, usernames, and email addresses.


137 million users

Based on the above statistics, it’s clear why hackers have a field day when data breaches occur.

To confirm your fears, try entering your email addresses on to see the number of times your information has been exposed to data breaches. Chances are, if not you, then a friend or colleague has been exposed to massive breaches.

The Precarious Upshots of Password Reuse and Why Do People Still Do It

Password reuse is a common practice, more common than you could imagine. The practice has been here for a very long time. In fact, it is only recently that people are aware of the dangers of this practice and are becoming diligent in using secure and different passwords.

Microsoft confirmed that around 44 million users are reusing their passwords as of 2020. In 2019, a study on password reuse revealed that around 72% of users who participated in the study recycle or reuse their passwords.63% of these users use the same passwords for all accounts.

Without understanding the difference between the security or importance of these websites, users deploy the same passwords for them. This is nothing but sending a direct invitation to hackers and cybercriminals.

The survey findings also revealed that users who use different passwords have only minor alterations that can be easily decoded. For instance, they might use 123@alexa for the banking website and 124@alexa for Netflix. One might think this is a safe practice, but it’s not as sharp minds of cybercriminals will decode these minor changes in the blink of an eye.

In fact, cybercriminals have become so smart that they have a list of the most commonly used password combinations and can hack an account instantly. Because of people’s habit of password reuse, cybercriminals have managed to complete 81% of data breaches, according to Verizon’s 2020 Investigation Report.

While this practice is too common, it’s high time that one should be aware of the dangers involved and ditch this habit as soon as possible.

All these dangers of password reuse are nerve-wracking, yet people still do this all the time. Why is it so? Let’s figure it out.

  • Some Systems Make it Tedious to Create New Passwords

Here is a case in mind. You visit a website, and your first attempt at a password is to add a symbol. You are prompted to add at least one lowercase, one uppercase, and a number on your next attempt.

If you are like most people, then it becomes tedious to figure out which characters are acceptable. Most probably, after a few tests, you will choose the easiest way out of the mess by reusing a password from your other sites. While you may get away with such a choice at the moment, the risks are pretty obvious.

But what if the visited website allowed special characters on their platforms? More importantly, what if they allowed you to create passwords in the best way you know how?

Well, their previous procedures may be in your best interest, but at times, the exception to unique characters and individual choices encourages the reuse of passwords.

  • The Repeat Mentality Blinds Rational Thinking

The idea of waking up one morning and not being able to remember hundreds of passwords makes people use the same password over and over again. This also happens in public institutions where officials are afraid of not accessing essential data when it is most needed.

The reusing of passwords in government has opened opportunities for fraudsters. And access to such delicate information has cost countries millions of dollars.

Private institutions also bear the brunt of reusing passwords to a hacker’s advantage. A good example is a report about Apple paying the Turkish Crime Family 401.731bitcoin to secure the information of the exposed accounts.

That being said, most of the reason hackers have access to this data is because of reused passwords. Think of it as the risk of having the same password for your iCloud and financial institution. The password repeat mentality eventually catches up with you and could cost you or your organization lots of money.

The Consequences of Using the Same Password Over and Over Again

With businesses and individuals facing the risk of losing up to $ 4 million every year due to leaked passwords and credentials, it’s only essential to learn how to keep accounts safe.

But first, let’s look at why most people reuse passwords even with all the associated risks.

  • You Put Multiple Accounts at Stake Simultaneously 

If you are in the habit of reusing passwords, then getting out of it is not easy. This is especially so if you have numerous sites spread out across different platforms. For example, if you are required to share credentials to view an e-book on a website, your first choice would be to use a password you know.

But here’s the catch, what if the email, login, or password are the same as what you use on your bank account? Well, then this becomes an issue because in case of a hacking attempt on the initial website, then your sensitive information is at risk.

A cybercriminal with this information will primarily target most of your sites and render havoc on your operations. The consequences of this are a loss of money, time, and peace of mind when reverting your accounts to normalcy.

Also, reusing passwords rains terror on companies and brands that haven’t been keen on password security. Unfortunately, some of the significant risks of reusing passwords also affect companies that are well aware of the dangers.

An example in this category is information security companies. Even with 45% of information security personnel admitting to knowing the risks of reusing passwords, it’s still a habit that’s yet to die completely.

  • More Possibilities Of Hacking Attacks Incidents 

We have already quoted above that password reuse is an open invitation to online thugs and cybercriminals. It makes their job easier than ever. If they manage to decode one password, they will be able to break into all of your accounts. They can steal money from a bank account, shop from your Amazon account, post offensive content from your Facebook account, and use your Netflix account while you pay for it.

It’s just the trailer. Based upon the dexterity of the hacker, you can end up facing hell on earth once your account is hacked.

For enterprises, hacking off a reused password will put the entire database and the organization’s integrity at stake. Employee and partner details will be compromised as well. There is no looking back from there.

  • Increased vulnerability towards password-guessing and brute force attack 

With password reuse, hackers will have a strong database, and they have a chance to make their brute force technique stronger than ever. For instance, it was a common belief that using an alphanumeric password is hard to guess and will prevent hacking attacks. But, with time, the practice became saturated, and people started using easy combinations like admin123 or john12. Such easy passwords were not at all difficult to handle. They manage to make a brute-force attack on the alphanumeric passwords too.

The more incidents of brute force, password stuffing, and password guessing occur, hackers’ databases are increasing. With each breach, they get to learn a new password and have an opportunity to understand the user mentality. It makes them more confident and more notorious.

  • Loss of Crucial Data 

In a data-driven world, no business can afford to lose business-critical data. But, when you reuse a password, you pave the path for this. When a hacker decodes your reused password, s/he will not put all the effort into anything. S/he will surely steal data or financial credentials.

Stolen customer or employee data is used in multiple ways. For instance, they sell that data to their competitors for huge compensation. Some even post the data on the dark web for free to prove their expertise and fetch big projects. In 2021, a hacker posted details of 500 million LinkedIn profiles on the Dark Web. The hacker sold such huge data at $2 to prove the inherited excellence and data authenticity.

Similarly, 1.3 million scrapped data of Club House was leaked for free on a popular hacking platform.

How to Manage Your Accounts Safely

The safety of your accounts depends on the applications you use for your passwords. Here are three applications that can limit access to your accounts.

  • Use the Two-Factor Authentication

Luckily, most sites are now offering two-factor authentication (2FA). With 2FA, your SMS service or email account acts as a second form of identification. This means that every time you or someone else tries to access a site from a new device or location, an SMS or email is sent to your registered account.

Another additional feature of 2FA is the temporary or one-off passcode. The passcode ensures that a hacker has little to no chance of accessing your sensitive data as long as the second factor is unavailable.

Apart from the 2FA, you can strengthen your account security using the authenticator app. The app is available mainly for Google and Microsoft accounts.

  • Enable Password Manager

If you haven’t been using the password manager, then you’ve probably been missing out on an excellent opportunity to boost your online safety. The best part about a password manager is that it can generate complex passwords for you. Even better is how it saves the passwords, so you don’t have to remember them every time.

The most exciting bit about a password manager is that it is also protected by one master password. This means that you only need to keep this key password in mind since it opens you to the other passwords. Having a password manager is a sure way of staying clear of reusing passwords on different websites.

Other Steps to Follow to Make Your Password More Secure

Apart from the applications or software mentioned above, other day-to-day practices can secure your accounts.

  • Delete Accounts You No Longer Use

Deleting dormant accounts gives you fewer passwords to worry about and fewer accounts to maintain. This enables you to keep tabs on any hack attempts and mitigate risks on time.

  • Check Passwords Continuously

This mainly applies to companies that carry out regular password updates. Before updating the passwords on official sites, ensure they aren’t compromised. It’s also important to emphasize the importance of unique and strong passwords for your team on every online site.

  • Ditch the Old Habits

Based on the Google Survey, it is estimated that 26% of users continued using old passwords even after reports of data breaches. Reluctance was one of the reasons for the behavior. If we are to get over the risks of reusing passwords, then old habits must die first.

  • Don’t Use Passwords on Unsecured Devices and Networks

Public Wi-Fi and shared computers are a threat to online security. Ensure access to sensitive accounts is only made through secure networks. If you must use public platforms, log off and don’t save passwords on the devices. Also, consider using a VPN to mask your computer’s IP address.


The first step to properly managing online accounts is understanding the risk of reusing passwords. Though this habit may not die on the first try, creating unique passwords is the only way to keep your sensitive information safe.


Let VPNWelt warn you: to be completely secure on the internet, you will need the help of the best VPN service.

You probably don’t have time to learn all the details about VPN services, but you want to know which one is the best for you. Here are six trustworthy VPNs I can recommend to you, depending on the scope of use of each of them.

  •     Best VPN overall: NordVPN
  •     Best value for money: CyberGhost
  •     Cheapest annual subscription: PIA
  •     Best for streaming: Surfshark
  •     Best premium VPN: ExpressVPN
  •     Largest country selection: VeePN

For more information, see our picks for the best VPNs here.

Related Articles:


How to keep track of passwords without reusing them?

Using a password manager is the best way to keep track of your passwords. A password manager stores your passwords in one place, so it’s easy always to confirm the status. Also, the automatic suggestions ensure you have unique passwords across different platforms.


Write comment

Your email address will not be published. Required fields are marked *