Average identity has 1 in 5 chance of already being victim of infostealer malware infection
AUSTIN – March 26, 2024 (Business Wire) – SpyCloud, the leader in Cybercrime Analytics, today released its 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and their impact on individuals and organizations. SpyCloud researchers recaptured 43.7 billion distinct identity assets in 2023, including nearly four times more personally identifiable information (PII) assets than in 2022 — over 32 billion, compared to last year’s 8.6 billion.
Taking a deeper look into how stolen data empowers bad actors to perpetrate cybercrimes including account takeover, fraud, and ransomware, SpyCloud researchers analyzed the exposures of the average digital identity being traded in the criminal underground and found that the average identity appears in as many as nine breaches and is associated with 15 breach records.
The rise in identity-based attacks can be attributed to a rapid increase in malware. SpyCloud found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records, one in four contained information about the user’s network or physical location, putting the individual’s identity, platforms they have access to, and physical well-being at risk.
Researchers also found that the average identity had a 1 in 5 chance of already being the victim of an infostealer infection. Infostealer malware enables criminals to collect vast amounts of information about the user and the device, including a user’s session cookies, API keys and webhooks, crypto wallet addresses, and more. This stolen authentication data enables cybercriminals to bypass protections including MFA and even passkeys to hijack their victim’s identity and take over digital sessions.
SpyCloud researchers also recaptured nearly 200 different types of PII in 2023, ranging from full names (3.16 billion) and phone numbers (2.14 billion) to dates of birth (920.25 million), social security and national ID numbers (171.61 million), and credit card numbers (36.97 million).
Additionally, mobile malware is becoming an attractive attack vector for criminals. Between August and December 2023, SpyCloud recaptured 10.58 million mobile records exfiltrated by malware. While the goal of mobile malware is often financial fraud, compromised devices can also result in sensitive data compromise, disruption of operations, and reputational damage.
Additional key findings from the 2024 report include:
- Poor password hygiene persists with pop culture still influencing password choices
  - SpyCloud recaptured nearly 1.38 billion passwords circulating the darknet in 2023, an 81.5% year-over-year increase from 759 million in 2022.
  - Within these passwords, the report finds a 74% password reuse rate for users exposed in two or more breaches in the last year – a 2 point increase from the prior year.
  - Pop culture continues to drive popular password choices.
    - 1 million passwords were related to American fantasy football.
    - 1 million were related to the Hollywood writers’ strike.
    - 1 million were related to the NBA playoffs.
    - Passwords influenced by artists such as Shakira (508,000), Miley Cyrus (257,000), and Taylor Swift (119,000) were also common.
- The U.S. government continues to struggle with bad password practices
  - SpyCloud researchers found 723 breaches containing .gov emails in 2023, up from 695 in 2022 and 611 in 2021. The recaptured records contained over 281,000 .gov credentials.
  - The most common passwords associated with .gov emails were password, pass1, and 123456.
  - Password reuse rates for .gov users increased this year, rising to 67% from 61% in 2022.
- The most noteworthy data leaks recaptured by SpyCloud last year:
  - WhatsApp: 364 million records leaked
  - Twitter (now X): 203 million records leaked
  - Luxottica: 203 million records leaked
  - UnionPay China: 127 million records leaked
To view the full report, visit spycloud.com/resource/spycloud-annual-identity-exposure-report-2024/.
To learn more about SpyCloud Labs’ analysis of active cybercriminal tactics, visit spycloud.com/resources/spycloud-labs/.
About SpyCloud
SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, safeguard employee and consumer identities, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, successful phishes, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include more than half of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to make the internet safer with automated solutions that help organizations combat cybercrime.
To learn more and see insights on your company’s exposed data, visit spycloud.com.