{"id":2410,"date":"2025-03-19T12:27:44","date_gmt":"2025-03-19T12:27:44","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2410"},"modified":"2025-03-19T12:27:44","modified_gmt":"2025-03-19T12:27:44","slug":"spyclouds-2025-identity-exposure-report-reveals-the-scale-and-hidden-risks-of-digital-identity-threats","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2410","title":{"rendered":"SpyCloud\u2019s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures.<\/p>\n

SpyCloud<\/a>, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report<\/strong><\/a>, highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. As cybercriminals move beyond single data points and leverage stolen data from a number of sources \u2013 breaches, malware and phishes \u2013 they are embracing a more sophisticated approach to identity exploitation, and organizations must shift their focus to a comprehensive and holistic defense strategy that accounts for the interconnected nature of digital identities.<\/p>\n

Holistic Identity: The New Cyber Battleground<\/strong><\/h3>\n

Organizations have traditionally focused on securing individual account credentials, but SpyCloud\u2019s research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. Attackers now have access to extensive identity data from multiple sources\u2014including data breaches, infostealer malware infections, phishing campaigns, and combolists\u2014posing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.<\/p>\n

SpyCloud\u2019s collection of recaptured darknet data grew 22% in the past year<\/strong>, now encompassing more than 53.3 billion distinct identity records and over 750+ billion total stolen assets<\/strong> that are now circulating in the criminal underground, fueling identity-based cybercrime. These assets are a vast array of personal and professional credentials, session cookies, personally identifiable information (PII), financial data, IP addresses, national IDs and more that criminals are weaponizing in attacks against individuals and businesses.\u00a0<\/p>\n

\u201cThe cybersecurity industry has spent years defending against traditional credential-based threats, but the reality is that attackers have advanced as the data they have access to has exploded in volume,\u201d said Damon Fleury, Chief Product Officer, SpyCloud. \u201cIdentity is the ultimate frontier of cyber risk, with users\u2019 exposure across past and present, personal and professional identities the new attack surface. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.\u201dFleury continues, \u201cAt SpyCloud, we\u2019ve created holistic identity analytics built on the industry\u2019s largest collection of recaptured darknet data, enabling our customers to correlate disparate data points that encompass an individual\u2019s digital footprint\u2014providing a truly holistic view of identity risk.\u201d<\/p>\n

New Definition for Identity Risk Emerges<\/strong><\/h3>\n

With the explosion of available identity data, attackers can now piece together historical and present-day records to bypass security barriers. Traditionally, cybersecurity teams were only able to see a fraction of an individual\u2019s darknet exposures \u2013 primarily only the exposed assets tied to a corporate identity \u2013 which were not comprehensive nor in correlation with other exposures. SpyCloud\u2019s report shows that an individual\u2019s identity exposure is more expansive than traditional cyber risk tools would indicate; in fact, it\u2019s a sprawling web of interrelated assets that provide cybercriminals with a roadmap to exploit vulnerabilities and the keys to unlock valuable access.<\/p>\n

Of particular concern for businesses, a single corporate user now has an average of 146 stolen records<\/strong> linked to their identity \u2013 across 13 unique emails and 141 credential pairs <\/strong>(a username or email and its associated password) per corporate user, which highlights how attackers correlate historical data to uncover active enterprise access points.<\/p>\n

In the consumer realm, the numbers are even higher with 229 records per consumer<\/strong>, frequently including exposed PII such as full names, dates of birth, and phone numbers, as well as Social Security\/ID numbers, addresses, and credit card or bank information. Consumer exposure averages 27 unique emails and 227 credential pairs per user.<\/strong><\/p>\n

\u201cThe record-breaking breaches of 2024, including the Mother of All Breaches (MOAB) and the National Public Data Breach, along with the growing use of infostealing malware and crafty phishing campaigns illustrate just how vast the pool of exposed identity data has become,\u201d said Trevor Hilligoss, Senior Vice President of Security Research, SpyCloud Labs at SpyCloud. \u201cBy understanding how cybercriminals aggregate stolen data and the new tactics and trends they are leveraging to assume even more valuable information and access, organizations can take proactive steps to mitigate identity-based threats from these large underground sources before they escalate.\u201d\u00a0<\/p>\n

Additional Report Findings:<\/strong><\/h4>\n

17.3 billion cookies<\/strong> were recaptured from malware-infected devices, enabling attackers to bypass MFA and hijack active user sessions.<\/p>\n

548 million credentials<\/strong> were exfiltrated via infostealer malware, highlighting the growing role of stealthy, targeted data theft in enterprise attacks.<\/p>\n

3.1 billion passwords<\/strong> were recaptured in 2024, marking a 125% increase from the previous year<\/strong>.<\/p>\n

70% of users <\/strong>whose credentials were exposed in breaches last year reused previously compromised passwords, significantly increasing their risk of account takeover attacks \u2013 <\/strong>a 9+ jump from 2023.<\/p>\n

44.8 billion PII assets \u2013 a 39% increase from 2023 <\/strong>are opening the door for new fraudulent activities.<\/p>\n

97% <\/strong>of recaptured phished data logs in 2024, from popular phishing-as-a-service (PHaaS) platforms like ONNX, included an email address and 64% <\/strong>had an associated IP address, giving criminals direct opportunities to perpetrate as the user and make lateral movements within an organization.<\/p>\n

In the public sector, SpyCloud recaptured 127K .gov credentials<\/strong> and observed a 67% all-time password reuse rate<\/strong> \u2013 an increase of 13% over the previous year \u2013 highlighting persistent security risks for our federal agencies and national security.<\/p>\n

Evolving Cybersecurity Strategies<\/strong><\/h3>\n

The findings highlight that cybercriminals are moving well-beyond their own legacy tactics and businesses must recognize that traditional defenses are no longer enough. SpyCloud\u2019s approach leverages holistic identity analytics<\/strong>, powered by the industry\u2019s largest collection of recaptured darknet data, to help organizations correlate disparate identity elements and shore up identity threat protection measures, while mitigating risk more effectively.<\/p>\n

For further insights, the full 2025 SpyCloud Identity Exposure Report<\/strong> is available here<\/a>.<\/p>\n

About SpyCloud<\/strong><\/p>\n

SpyCloud<\/a> transforms recaptured darknet data to disrupt cybercrime. Its automated holistic identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud\u2019s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.<\/p>\n

To learn more and see insights, users can visit spycloud.com<\/a>.<\/p>\n

Contact<\/strong><\/h5>\n

Emily Brown<\/strong><\/p>\n

REQ on behalf of SpyCloud<\/strong><\/p>\n

spycloud@req.co<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed identity data as the primary cyber risk […]<\/p>\n","protected":false},"author":0,"featured_media":2411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2410"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2410"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2410\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2411"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}