Cybercriminals Swipe 1.8 Billion User Credentials and 9 Billion Data Pieces
In the ever-evolving digital landscape, the security of your passwords has never been more crucial. According to the latest report from Flashpoint, a leading threat intelligence firm, the first half of 2025 has seen an unprecedented surge in cyberattacks, with information-stealing hackers at the forefront.
Infostealers, malicious software designed to exfiltrate sensitive data such as credentials, browser cookies, and autofill data, have become a favoured tool among cybercriminals. These tools, often acquired from underground forums, are the initial access point in complex intrusion campaigns that can lead to significant data breaches across organizations and their supply chains.
The report reveals a staggering 800% rise in stolen credentials, with around 1.8 billion compromised in just the first six months of the year. This surge in identity theft has made it the dominant cyberattack vector globally. Ransomware incidents have increased by 179%, while global data breaches grew by 235%, with about 78% of breaches involving unauthorized access using stolen credentials.
The ease of infostealer deployment, coupled with their low cost (typically between $60 and $400), has made them an attractive choice for threat actors. Infostealers provide deeper access than many other initial access vectors, complicating defense efforts amid a record growth in publicly disclosed vulnerabilities.
Ian Gray, Flashpoint's Vice President of Cyber Threat Intelligence Operations, emphasized the scale of the malicious activity, stating, "Ransomware is up 179% and data breaches have surged 235%."
In response to these findings, Flashpoint recommends a two-pronged approach. First, the use of stronger credentials technology than passwords and basic 2FA, such as passkeys. Second, the combination of compromised credential dataset intelligence with alerting based on specific affected domains.
The report also underscores the vulnerability of passwords, with 98.5% reported to fail a hacking test. As the digital threat landscape continues to evolve, it's clear that strengthening password security is a critical step in safeguarding against information-stealing hackers and the cyberattacks they enable.
Cybersecurity specialists are urging users to enhance their password security due to a significant rise in password malware and credential theft, as reported by Flashpoint, a prominent threat intelligence firm. In the first half of 2025, infostealers, the preferred tool for cybercriminals, have led to an 800% increase in stolen credentials and a dominance in global identity theft. To combat this, Flashpoint advises implementing stronger credentials technology than passwords, such as passkeys, and combining compromised credential dataset intelligence with alerting based on specific affected domains.
