Key Findings
SpyCloud's 2024 research reveals the staggering scale of exposed credentials circulating within the criminal underground: 3.1+ billion total passwords recaptured.
97% of the phished records SpyCloud collected in 2024 contain at least one email address.
The average exposure for a single employee identity in 2024, under a traditional exposure model, shows 11 records per employee, 1 unique username, 1 total username, 1 unique email, 11 total emails, 7 credential pairs, and 7 unique sources (breach, malware, or phish).
There was an average of 44 exposed credentials per malware infection.
On average, a single malware infection could expose access to 10 to 25 third-party business applications.
By using holistic identity matching for an individual employee, the average exposure increases to 146 records per employee, 22 unique usernames, 13 total usernames, 89 unique emails, 141 total emails, 57 credential pairs, and 8 unique sources. This represents more than 12x the exposed data compared to the traditional view.
There were 2.2 billion credential pairs (username/email + password) recaptured.
74% of recaptured consumer records contain a physical or IP address.
An alarming 70% of users exposed in breaches last year reused previously-exposed passwords across multiple accounts, an increase from 61% in 2023.
About one in every two corporate users was already the victim of an infostealer infection on a personal or corporate system in 2024.
SpyCloud recaptured over 1.7 million phished records between the ONNX and Caffeine PhaaS platforms in the second half of 2024.
There were 895,802 stolen credential records for enterprise AI tools observed by SpyCloud in 2024.
SpyCloud found 159,313 stolen credential records from popular password managers in 2024.
Endpoint Detection and Antivirus Solutions miss 66% of malware infections.
SpyCloud recaptured 7 million stolen credential records for third-party applications in 2024, a 48% increase from the year prior.
93% of the recaptured passwords were cracked by SpyCloud and delivered as plaintext.
SpyCloud's research shows that 66% of malware infections occur on devices with endpoint security solutions installed.
About half of the recaptured phished data included specific city or postal code information.
Nearly one in two corporate users were already the victim of a malware infection in 2024.
In the year prior to 2024, malware was the cause of 61% of all breaches.
Under holistic identity matching, the average exposure for a single consumer identity shows 229 records per customer, 52 unique usernames, 105 total usernames, 27 unique emails, 125 total emails, 227 credential pairs, and 9 unique sources.
SpyCloud recaptured 44.8 billion PII assets in 2024, a 39% increase from 32.22 billion in 2023. This included 4.4 billion full names, 2.8 billion phone numbers, 42.97 million passport & driver's license numbers (a 168% increase from 2023), 36.97 million credit card numbers, and 3.05 billion Social Security & national ID numbers
An average of 1,861 cookies were harvested per malware infection.
64% of the phished records contained location data, mostly in the form of IP addresses.
SpyCloud recaptured 3,562 third-party breach records in 2024. These third-party breaches amounted to 7.6+ billion breach records.
142.27 million individuals had a password exposed in 2024, a 125% increase from 2023.
Endpoint Detection and Antivirus Solutions miss 66% of malware infections.
Nearly one in two corporate users were already the victim of a malware infection in 2024.
In the year prior to 2024, malware was the cause of 61% of all breaches.
17.3 billion cookies were siphoned by malware.
SpyCloud's research shows that 66% of malware infections occur on devices with endpoint security solutions installed.