Whilst there is much literature on password authentication attacks, there has been little study of real online brute force attacks. This paper provides analysis of the most prolific attackers and provides analysis of distributed brute force attackers using unsupervised learning technique for clusterization. Compromised credential checking has recently emerged as an approach to improve password security by deterring users from using re-using breached passwords. Analysing an implementation on a large online gaming site, a \(184\%\) median increase in daily password change events in the first 30 days of rollout and an ongoing \(117\%\) increase in the following 20 days is observed.