AUSTIN, TX – March 19, 2025 (Cyber Newswire) – SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. As cybercriminals move beyond single data points and leverage stolen data from a number of sources – breaches, malware and phishes – they are embracing a more sophisticated approach to identity exploitation, and organizations must shift their focus to a comprehensive and holistic defense strategy that accounts for the interconnected nature of digital identities.
Holistic Identity: The New Cyber Battleground
Organizations have traditionally focused on securing individual account credentials, but SpyCloud’s research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. Attackers now have access to extensive identity data from multiple sources—including data breaches, infostealer malware infections, phishing campaigns, and combolists—posing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.
SpyCloud’s collection of recaptured darknet data grew 22% in the past year, now encompassing more than 53.3 billion distinct identity records and over 750+ billion total stolen assets that are now circulating in the criminal underground, fueling identity-based cybercrime. These assets are a vast array of personal and professional credentials, session cookies, personally identifiable information (PII), financial data, IP addresses, national IDs and more that criminals are weaponizing in attacks against individuals and businesses.
New Definition for Identity Risk Emerges
With the explosion of available identity data, attackers can now piece together historical and present-day records to bypass security barriers. Traditionally, cybersecurity teams were only able to see a fraction of an individual’s darknet exposures – primarily only the exposed assets tied to a corporate identity – which were not comprehensive nor in correlation with other exposures. SpyCloud’s report shows that an individual’s identity exposure is more expansive than traditional cyber risk tools would indicate; in fact, it’s a sprawling web of interrelated assets that provide cybercriminals with a roadmap to exploit vulnerabilities and the keys to unlock valuable access.
- Of particular concern for businesses, a single corporate user now has an average of 146 stolen records linked to their identity – across 13 unique emails and 141 credential pairs (a username or email and its associated password) per corporate user, which highlights how attackers correlate historical data to uncover active enterprise access points.
- In the consumer realm, the numbers are even higher with 229 records per consumer, frequently including exposed PII such as full names, dates of birth, and phone numbers, as well as Social Security/ID numbers, addresses, and credit card or bank information. Consumer exposure averages 27 unique emails and 227 credential pairs per user.
Additional Report Findings:
Evolving Cybersecurity Strategies
The findings highlight that cybercriminals are moving well-beyond their own legacy tactics and businesses must recognize that traditional defenses are no longer enough. SpyCloud’s approach leverages holistic identity analytics, powered by the industry’s largest collection of recaptured darknet data, to help organizations correlate disparate identity elements and shore up identity threat protection measures, while mitigating risk more effectively.
For further insights, the full 2025 SpyCloud Identity Exposure Report is available here.
About SpyCloud
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To learn more and see insights on your company’s exposed data, visit spycloud.com.
