2022 Annual Identity Exposure Report

2022 SpyCloud Identity Exposure Report

Last year, SpyCloud recaptured more than 15 billion credentials and PII assets from the criminal underground. That’s a 200% increase in assets recaptured compared to the prior year – ample data that fraudsters are exploiting for identity fraud, which impacts businesses and consumers alike.

Our annual report analyzes this data and sheds light on the trends we observed throughout the year, explaining how enterprises can use this information to protect themselves from account takeover, malware, and ransomware, and protect their consumers from online fraud.

Download the report to see:

  • The trends our researchers observed within cybercriminal communities over the last year
  • Why the rate of password reuse continues to rise
  • Popular passwords influenced by entertainment, politics, and sports (Marvel characters make frequent appearances!)
  • How this stolen data is used to perpetrate ransomware and other targeted attacks
  • The urgency of the malware problem, including a spotlight on RedLine Stealer, and why we’ve put even more focus on collecting bot logs from malware-infected devices
  • The top 12 notable breaches of 2021
Download the PDF version of the report to print or share with others.


SpyCloud Compass

Protect your business from malware risks by acting on compromised assets most likely to lead to future ransomware attacks

Related Resources

Malware Infected User Guide

Infected User Response Guide

Handy guide to decipher what it means when employee or consumer information appears on a botnet log, and how to contact infected users with an action plan.

Read More

With SpyCloud, you get enterprise-level, automated account takeover and ransomware prevention powered by Cybercrime Analytics based on actionable darknet insights.

SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner with SpyCloud than any other provider.

0 +
0 +


0 +


0 +
Data Types

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.