The latest report from the leading identity threat protection company, SpyCloud, sheds light on the alarming increase in stolen records linked to corporate users’ identities. According to the 2025 SpyCloud Annual Identity Exposure Report, the average corporate user now has 146 stolen records associated with their identity, marking a significant 12x surge from previous estimates.
This rise in holistic identity exposures has become a primary cyber risk facing enterprises today. Cybercriminals have evolved their tactics beyond traditional account takeover methods, leveraging stolen data from various sources such as breaches, malware, and phishing campaigns. This sophisticated approach to identity exploitation poses a challenge for organizations that have not adapted their security measures to address the interconnected nature of digital identities.
SpyCloud’s collection of recaptured darknet data has grown by 22% in the past year, encompassing over 53.3 billion distinct identity records and more than 750+ billion total stolen assets circulating in the criminal underground. These stolen assets include a wide range of personal and professional credentials, session cookies, personally identifiable information (PII), financial data, IP addresses, national IDs, and more, which cybercriminals weaponize in attacks against individuals and businesses.
Damon Fleury, Chief Product Officer at SpyCloud, highlighted the need for organizations to rethink the risks posed by employees, consumers, partners, and suppliers in the face of escalating cyber threats. SpyCloud has developed holistic identity analytics based on the industry’s largest collection of recaptured darknet data, allowing customers to correlate disparate data points to gain a comprehensive view of identity risk.
The report also reveals that a single corporate user now has an average of 146 stolen records tied to their identity, with 13 unique emails and 141 credential pairs per corporate user. In the consumer realm, the numbers are even higher, with 229 records per consumer on average, including exposed PII such as full names, dates of birth, phone numbers, Social Security/ID numbers, addresses, and financial information.
Furthermore, the report outlines additional findings, including the recapture of 17.3 billion cookies from malware-infected devices, 548 million credentials exfiltrated via infostealer malware, and a 125% increase in recaptured passwords compared to the previous year. The data also shows that 70% of users whose credentials were exposed in breaches reused previously compromised passwords, increasing their risk of account takeover attacks.
To combat these evolving cyber threats, organizations must adopt new cybersecurity strategies that go beyond traditional defenses. SpyCloud’s holistic identity analytics offer a proactive approach to mitigating identity threats and improving overall risk management. The full 2025 SpyCloud Identity Exposure Report provides in-depth insights into the current landscape of identity-based cyber risks and effective mitigation strategies.
For more information and to access the full report, visit the SpyCloud website.