Fueling the expanded cybercrime economy is a rise in infostealer malware, with nearly 50% of corporate users having been infected
AUSTIN, TX – March 19, 2025 (Globe Newswire) – SpyCloud, the leader in identity threat protection, today released its 2025 SpyCloud Annual Identity Exposure Report, uncovering the staggering scale of digital identity sprawl, the growing risks organizations face, and actionable insights to combat cyber threats before they escalate.
In 2024 alone, SpyCloud recaptured 53.3 billion distinct identity records, a 22% increase from 2023, underscoring the increasing prevalence of stolen data such as credentials and personally identifiable information (PII) circulating on the darknet. These identity records, consisting of harvested employee, consumer, and supply chain data, are the fuel that powers cyberattacks like ransomware, account takeover, and fraud – nearly 80% of breaches last year involved the use of stolen credentials.
Despite this surge in identity-based threats, many organizations remain unaware of the massive breadth of digital identity data stolen from users, traded among cybercriminals, and leveraged to infiltrate organizations.
Key Findings from the 2025 Annual Identity Exposure Report:
The True Scale of Identity Exposure is Greater Than Previously Estimated
By applying proprietary holistic identity matching, SpyCloud researchers discovered that the actual scale of exposure is, on average, more than twelve times larger than previously estimated – providing security teams with a clearer, more actionable picture of identity risk:
With a holistic approach to identity security, enterprises can move beyond isolated credential leaks and better understand their interconnected exposures – empowering them to act before an attack occurs.
Infostealer Malware: The Primary Driver of Modern Cybercrime
Infostealer malware – stealthy, highly efficient tools that extract user information, browser cookies, and system details from infected devices – has emerged as one of the most persistent and dangerous threats to enterprise security. SpyCloud recaptures data from more than 75 different malware families including LummaC2, Redline Stealer, and Vidar. This year’s research into the recaptured data from those families found that:
- 895,802 stolen credentials for enterprise AI tools, exposing sensitive business insights and proprietary data
- 159,313 stolen credentials from password managers, undermining critical security layers
Infostealers’ role in identity exposures has real, lasting effects on businesses and individuals. Last year, nearly one-third of companies that suffered a ransomware attack had previously experienced an infostealer infection.
Phishing: A Growing Threat Fueled by AI and Phishing-as-a-Service (PhaaS)
Phishing tactics evolved in 2024, becoming more sophisticated with AI-driven campaigns and turnkey PhaaS platforms. Attackers increasingly targeted high-value data, including personal and corporate credentials, financial accounts, and session cookies. SpyCloud’s 2025 research reveals:
PII Exposure Surges, Fueling Identity Fraud
The exposure of PII reached 44.8 billion recaptured records in 2024 – a 39% increase from the previous year – due in large part to breaches such as the Mother of All Breaches (MOAB) and the National Public Data Breach. Both expanded the pool of PII circulating in the criminal underground and continue to provide cybercriminals with the raw materials to commit identity fraud and financial crimes. Key exposed PII data points include:
Cybercriminals are also capitalizing on sprawling digital identities and expanding their targets to include other forms of credentials. SpyCloud also recaptured 33.1 million exposed API keys and 147,132 compromised cryptowallet addresses, highlighting critical vulnerabilities in modern digital ecosystems.
Weak Password Practices Continue to Undermine Security
Despite growing awareness of identity threats, weak password practices remain a constant source of risk, making users easy targets for automated credential stuffing and account takeover attacks:
- 3.1 billion exposed passwords were recaptured – a 125% increase from last year
- 70% of users exposed in breaches last year reused previously-exposed passwords across multiple accounts, up from 61% in 2023
- Most commonly exposed passwords include: “123456,” “Admin,” “Qwerty”
- Pop culture continues to drive popular password choices. While these passwords are personal to the users, they are predictable and continue to reign as a top entry point for threat actors.
  - Almost 3 billion referenced the fall season
  - 7.5 million: 5 million referenced major international events in tennis
  - Over 7 million referenced cats
  - Passwords influenced by video games surged, including passwords related to The Legend of Zelda (2 million), Super Mario Brothers (almost 1.5 million) and Fortnite (almost 1 million)
  - Passwords influenced by the year’s hottest artists such as Taylor Swift (5 million) and Charli XCX (295,000) were also common
Looking Ahead: Proactive Identity Protection is Critical
As identity threats continue to evolve, organizations must adopt a proactive, holistic approach to identity security. Defending against cybercrime requires continuous monitoring for dark web identity exposures, rapid and automated remediation of stolen identity data, and enhanced security measures to combat emerging threats.
Read the full 2025 SpyCloud Identity Exposure Report here.
About SpyCloud
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To learn more and see insights on your company’s exposed data, visit spycloud.com.