"By understanding how cybercriminals aggregate stolen data and the new tactics and trends they are leveraging to assume even more valuable information and access, organizations can take proactive steps to mitigate identity-based threats from these large underground sources before they escalate.” Additional Report Findings: 17.3 billion cookies were recaptured from malware-infected devices, enabling attackers to bypass MFA and hijack active user sessions.548 million credentials were exfiltrated via infostealer malware, highlighting the growing role of stealthy, targeted data theft in enterprise attacks.3.1 billion passwords were recaptured in 2024, marking a 125% increase from the previous year.70% of users whose credentials were exposed in breaches last year reused previously compromised passwords, significantly increasing their risk of account takeover attacks – a 9+ jump from 2023.44.8 billion PII assets – a 39% increase from 2023 are opening the door for new fraudulent activities.97% of recaptured phished data logs in 2024, from popular phishing-as-a-service (PHaaS) platforms like ONNX, included an email address and 64% had an associated IP address, giving criminals direct opportunities to perpetrate as the user and make lateral movements within an organization.
It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.” Fleury continues, "At SpyCloud, we’ve created holistic identity analytics built on the industry’s largest collection of recaptured darknet data, enabling our customers to correlate disparate data points that encompass an individual’s digital footprint—providing a truly holistic view of identity risk.” New Definition for Identity Risk EmergesWith the explosion of available identity data, attackers can now piece together historical and present-day records to bypass security barriers.
Of particular concern for businesses, a single corporate user now has an average of 146 stolen records linked to their identity – across 13 unique emails and 141 credential pairs (a username or email and its associated password) per corporate user, which highlights how attackers correlate historical data to uncover active enterprise access points.
The story "SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats" has 761 words across 21 sentences, which will take approximately 4 - 7 minutes for the average person to read.
Which news outlet covered this story?
The story "SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats" was covered 2 weeks ago by GlobeNewswire, a news publisher based in China.
How trustworthy is 'GlobeNewswire' news outlet?
GlobeNewswire is a fully independent (privately-owned) news outlet established in 1998 that covers mostly technology news.
The outlet is headquartered in China and publishes an average of 33 news stories per day.
It's most recent story was published 10 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
