Austin, TX, United States, March 19th, 2025, CyberNewsWire
The 2025 SpyCloud Annual Identity Exposure Report released by SpyCloud reveals that the average corporate user now has 146 stolen records linked to their identity, marking a significant increase from previous estimates.
The report highlights the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. Cybercriminals are leveraging stolen data from various sources to exploit identities in a more sophisticated way, emphasizing the need for organizations to adopt a comprehensive defense strategy.
Holistic Identity: The New Cyber Battleground
SpyCloud’s research shows that cybercriminals have expanded their tactics beyond conventional account takeover, accessing extensive identity data from breaches, malware, and phishing campaigns. This shift requires organizations to adapt their security measures to address interconnected identity exposures holistically.
The collection of recaptured darknet data by SpyCloud has grown by 22% in the past year, now comprising over 53.3 billion distinct identity records and 750+ billion total stolen assets circulating in the criminal underground.
“The cybersecurity industry has spent years defending against traditional credential-based threats, but attackers have advanced as the data they have access to has exploded in volume,” said Damon Fleury, Chief Product Officer, SpyCloud.
“At SpyCloud, we’ve created holistic identity analytics to provide a truly comprehensive view of identity risk,” Fleury added.
New Definition for Identity Risk Emerges
With the proliferation of identity data, attackers can piece together historical and present-day records to bypass security barriers. SpyCloud’s report reveals the expansive nature of an individual’s identity exposure, emphasizing the need for organizations to mitigate identity-based threats effectively.
- On average, a single corporate user now has 146 stolen records linked to their identity, emphasizing the correlation between historical data and active enterprise access points.
- In the consumer realm, the numbers are even higher with 229 records per consumer, including exposed PII such as full names, dates of birth, and phone numbers.
“The record-breaking breaches of 2024 illustrate just how vast the pool of exposed identity data has become,” said Trevor Hilligoss, Senior Vice President of Security Research, SpyCloud Labs at SpyCloud.
Additional Report Findings:
- 17.3 billion cookies were recaptured from malware-infected devices, enabling attackers to bypass MFA.
- 548 million credentials were exfiltrated via infostealer malware, highlighting the role of targeted data theft.
- 3.1 billion passwords were recaptured in 2024, indicating a 125% increase from the previous year.
- 70% of users whose credentials were exposed in breaches last year reused previously compromised passwords.
- 44.8 billion PII assets are opening the door for new fraudulent activities.
- 97% of recaptured phished data logs in 2024 included an email address and 64% had an associated IP address.
Evolving Cybersecurity Strategies
The findings suggest that traditional defenses are no longer sufficient, and organizations must leverage holistic identity analytics to enhance identity threat protection measures.
For more insights, the full 2025 SpyCloud Identity Exposure Report can be accessed here.
About SpyCloud
SpyCloud disrupts cybercrime by transforming recaptured darknet data into advanced identity threat protection solutions.
To learn more, visit spycloud.com.
Contact
Emily Brown
REQ on behalf of SpyCloud
[email protected]
