A recent analysis by Cloudflare reveals that approximately 41% of successful human login attempts across websites they protect involve compromised passwords. This widespread password reuse significantly heightens the risk of account takeovers, especially through automated credential-stuffing attacks. Notably, bots are responsible for 95% of login attempts using leaked credentials, underscoring the scale of automated threats. The study also highlights that popular Content Management Systems (CMS) like WordPress are frequent targets, with 76% of leaked password login attempts on these platforms being successful. To mitigate such risks, Cloudflare recommends practices such as using unique, strong passwords for each account, enabling multi-factor authentication (MFA), and for website owners, activating leaked credentials detection and implementing rate limiting and bot management tools.
Read more https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/