Increase in stolen identity records fuels cybercrime
A new report from SpyCloud highlights a 22 percent increase in stolen identity records since 2023.
These identity records, consisting of harvested employee, consumer, and supply chain data, are the fuel that power cyberattacks like ransomware, account takeover, and fraud with nearly 80 percent of breaches last year involving the use of stolen credentials.
"Traditional security models focus on an isolated exposure data point, like a single stolen password or breached email, without accounting for the full picture of an individual's digital footprint and other potential exposures," says Damon Fleury, chief product officer at SpyCloud. "But modern threats are far more complex. At SpyCloud, we've pioneered a holistic approach to identity security, mapping exposures across breaches, malware infections, phishing campaigns, and combolists to reveal the true scale of risk from compromised users. This shift is essential for defenders to proactively mitigate threats from stolen identity data before they escalate into full-scale cyberattacks."
By applying proprietary holistic identity matching, SpyCloud researchers have discovered that the actual scale of exposure is, on average, more than twelve times larger than previously estimated -- providing security teams with a clearer, more actionable picture of identity risk. For example it identifies 146 identity records per corporate user compared to just 11 using traditional methods.
See also:
- Infostealers account for surge in identity-enabled attacks
- Number of compromised credentials up by 33 percent
- The poor the bad and the terrible -- popular passwords around the world
Infostealers are one of the main threats, with around one in two of corporate users exposed through infostealer malware in the past year through a personal or corporate device. The report identifies 895,802 stolen credentials for enterprise AI tools, exposing sensitive business insights and proprietary data, along with 159,313 stolen credentials from password managers, undermining critical security layers.
Poor password practices continue to be an issue too, with 70 percent of users exposed in breaches last year reusing previously-exposed passwords across multiple accounts, up from 61 percent in 2023.
You can get the full report from the SpyCloud site.
Image credit: Terrance Emerson/Dreamstime.com