A study by analyst firm Digital Shadows found that the number of compromised credentials has quadrupled in 2019 over the previous year. The main reason is that users use the same or even the same passwords.
Hacking software tools such as the Sentry MBA and OpenBullet can handle millions of valid pairs per day. The data from one successful hack is immediately used to try to access other user accounts.