U.S. Government Credential Exposure

There is arguably no bigger producer, collector, consumer, and disseminator of data on the planet than the United States government. And yet, SpyCloud analysis has shown that its vast network of employees at the federal, state and local levels, including its contractors, are leaving that data exposed to enormous risk.

In 2020 alone, SpyCloud found:

  • 269,690 plaintext government credentials leaked in 465 breaches.
  • More than 1 million pairs of exposed emails and passwords for corporate accounts at the 27 largest companies in the defense industrial base.
  • 800,000 exposed corporate credentials (more than 7,000 per company) for employees at the 109 Fortune 1000 companies in the energy sector.

These exposures provide potential avenues for bad actors to access government resources and create massive risk in the government supply chain.

As this report explains, the prevalence of password reuse and loose credential security protocols are gifts to cybercriminals that expose the U.S. to significant risks. Our “Special Report: 2021 U.S. Government Credential Exposure” provides the prescriptive guidance needed to address this trend, along with a new framework for securing credentials that applies to employees, suppliers, and citizens.


Account Takeover Prevention
Detect and automatically reset exposed credentials before criminals can exploit them to perpetrate targeted attacks like ransomware.
Download the PDF version of the report to print or share with others.

With SpyCloud, you get enterprise-level, automated account takeover and ransomware prevention powered by Cybercrime Analytics based on actionable darknet insights.

SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner with SpyCloud than any other provider.

0 +
0 +


0 +


0 +
Data Types

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.