The number of annual credential spill incidents nearly doubled from 2016 to 2020. Credential stuffing, which involves the exploitation of large numbers of compromised username and/or email and password pairs, is a growing global problem. The FBI last year warned that the threat accounted for the greatest volume of security incidents against the US financial sector between 2017 and 2020 (41%) The average spill size also declined, falling from 63 million records in 2016 to 17 million last year. The 2020 median spill size (2 million records) represented a 234% increase over 2019.
Source: https://www.helpnetsecurity.com/2021/02/11/credential-spill-incidents/