REPORT
2021 Annual Credential Exposure Report

2020 was not a typical year. Between the onset of a global pandemic, the shift to remote life, and the turbulent political landscape, consumers shifted their behavior dramatically — and criminals followed suit, swiftly finding ways to exploit these changes.
Throughout this unusual time, SpyCloud’s researchers have been embedded in criminal networks, using human intelligence (HUMINT) to recover stolen data before it reaches a broader criminal audience or goes public. As a result, the 1.5 billion credentials and 4.6 billion PII assets we’ve recovered provide unique insight into the breaches and botnet logs that have been released to criminal communities over the last year.
Download the report to see:
- Trends our researchers have observed within cybercriminal communities over the last 12 months
- What 2020 themes appeared in people’s passwords last year (covid-19, sourdough, and more)
- How many credentials containing .gov emails were exposed last year, and what passwords were most popular with government employees
- The top 10 breaches released over the last 12 months
Download the Report
Solution: Account Takeover Prevention
Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.
Related Resources

Hard Truths About ATO & Strategies To Defend Your Enterprise
Protecting your enterprise from breaches and account takeovers has never been a bigger challenge.

Top 10 Travel Booking Site
Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures
If your account takeover prevention program primarily focuses on automated credential stuffing attacks, you may be leaving your organization exposed to serious losses. Learn more in this webinar we hosted with ISMG.
With SpyCloud, you get enterprise-level, automated account takeover and ransomware prevention powered by Cybercrime Analytics based on actionable darknet insights.
SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner with SpyCloud than any other provider.
Assets
Total
Passwords
Email
Addresses
Data Types
Check Your Exposure
See your real-time account takeover exposure details powered by SpyCloud data.