Identity Theft Threats Surge While Security Confidence Masks Key Vulnerabilities

SpyCloud’s 2025 Identity Exposure Report reveals that 91% of organisations reported suffering an identity-related incident in the last year, nearly double the proportion seen the year before. Data troves comprising stolen credentials, phishing logs, malware infection records and session cookies have expanded dramatically, but many firms remain overconfident in their ability to defend against evolving identity threats.

The volume of distinct identity records recaptured by SpyCloud has jumped by 22%, from 43.7 billion to 53.3 billion. Almost 80% of breaches still involve stolen credentials. Malware-driven theft is now a dominant component: infostealer malware was used to harvest 548 million credentials and 17 billion session cookies in 2024, enabling tactics such as bypassing multi-factor authentication. Corporate and personal devices alike are affected, with around half of corporate users exposed through malware via at least one device.

Phishing and phishing-as-a-service (PhaaS) attacks are becoming more precise. Nearly all phishing logs recaptured included an email address; 64% contained IP addresses, and over half had location data. This enriched data enables adversaries to make their social engineering attacks more believable, better targeted, and harder to defend against.


Weak password habits continue to undermine defences: 3.1 billion exposed passwords were retrieved in 2024—an increase of 125% from the previous year. About 70% of users whose credentials were exposed reused old or compromised passwords across multiple accounts. Simple patterns persisted, including “123456”, “Admin”, “qwerty” and passwords tied to pop culture references.

Despite growing threats, many organisations still rely heavily on traditional security measures. Although multi‐factor authentication is widely adopted—especially among large enterprises—attackers are increasingly evading MFA using stolen session cookies harvested from malware-infected devices.

Companies adopting what SpyCloud calls a “holistic identity security” model — one that correlates identity exposure across breaches, malware infections, phishing, and other sources — are better placed to assess risk. Using this method, SpyCloud found that a typical corporate user has about 146 identity records exposed, compared to only around 11 via legacy, narrow exposure assessments. The average exposed individual consumer had 52 usernames and 141 credential pairs tied to over 200 exposure records, frequently including sensitive personal data.

Another emerging issue is insider threat, both malicious and negligent. A survey of security leaders indicated that 56% of organisations experienced an insider threat incident in the past year. To address this, SpyCloud has rolled out enhanced “Investigations with AI Insights” to help security teams detect patterns of risk faster, by correlating exposure data with behavioural anomalies.

Public sector exposures continue to draw concern. In .gov email credentials recaptured, password reuse was especially high: 67% among users who had been exposed. This highlights vulnerabilities within government agencies that attackers can exploit.


