2020 Annual Credential Exposure Report

REPORT

2020 Annual Credential Exposure Report

Every year, the SpyCloud Credential Exposure Report examines the data cybercriminals have been sharing over the last year and what it means for enterprises and consumers. Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO).

SpyCloud researchers infiltrate criminal networks to identify and recover stolen data months or years before it reaches a broader criminal audience or goes public. As a result, the 9 billion breach records analyzed for this report provide insight into breaches that have been freshly released to criminal marketplaces over the last year.

Download the report to see:

Trends our researchers have observed within cybercriminal communities over the last 12 months
Password reuse patterns, including the most common transformations people use to “refresh” a reused password
Most popular 100 passwords collected over the last 12 months
Common password hashing algorithms used by breached organizations

Download the PDF version of the report to print or share with others.

Solution:

Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Related Resources

Webinar

Hard Truths About ATO & Strategies To Defend Your Enterprise

Protecting your enterprise from breaches and account takeovers has never been a bigger challenge.

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Understand the differences between targeted account takeover (ATO) and automated credential stuffing attacks

Webinar

Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures 

If your account takeover prevention program primarily focuses on automated credential stuffing attacks, you may be leaving your organization exposed to serious losses. Learn more in this webinar we hosted with ISMG.

With SpyCloud, you get enterprise-level, automated account takeover and ransomware prevention powered by Cybercrime Analytics based on actionable darknet insights.

SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner with SpyCloud than any other provider.

0 +

Billion

Recaptured
Assets

0 +

Billion

Total
Passwords

0 +

Billion

Email
Addresses

0 +

---

Unique
Data Types

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.