A study released by Google estimates that 1.5% of all logins used across the web are vulnerable to credential stuffing attacks due to being disclosed in data breaches. This number is based off of anonymous login data provided to Google through their Password Checkup extension. Only 26% of the warnings resulted in a password change. Adult sites had the largest amount of warnings, while entertainment sites had a rate of 6.3%. The full results from Google’s study can be found in the “Protecting accounts from credential stuffing with password breach alerting”” paper whose results will be presented this week.”
Source: https://www.bleepingcomputer.com/news/security/google-estimates-15-percent-of-web-logins-exposed-in-data-breaches/