What types of online password guessing attacks are sites subjected to?
Study: 2017 Credential Spill Report
Date: January 2017
"Shape analyzed more than 15.5M account login attempts for one customer during a 4 month period, discovering that over 500K accounts were on publicly spilled credential lists."
"In one week, cybercriminals made over five million login attempts at a Fortune 100 B2C website using multiple attack groups and hundreds of thousands of proxies located throughout the world."