
Illustration by Security Management, iStock

1.8 Billion Credentials Stolen in the First Half of 2025—an 800% Increase

The use of information-stealing malware by threat actors has increased by 800 percent, with more than 1.8 billion credentials compromised during the first half of 2025, according to a new report from Flashpoint.

In early 2025, Flashpoint identified four critical trends that its analysts believed would have a significant impact on the rest of the year. Its midyear report, Global Threat Intelligence Index: 2025 Midyear Edition, is an update to the previous analysis, finding “significant escalations” in the threats to organizations.

The massive theft of credentials “underscores how these stolen digital identities underpin major malicious campaigns,” Flashpoint noted in a post about the report. While the breach of a single person’s credentials can be frustrating and costly to an individual and his or her organization, it is likely that the breach is part of a larger attack or a series of multi-stage attacks.

“Today’s threats don’t operate in silos,” the report said, meaning that organizations need to remain aware of evolving cyber threats to better anticipate and defend against a multi-stage attack. “These pieces of digital identity are often the starting point for larger malicious campaigns, allowing threat actors to gain initial access—often through a single infostealer infection,” according to the report. Flashpoint also noted that some recent high-profile data breaches were traced back to single “infections or associated illicit marketplace listings. The identity attack vector introduces cascading risk across the supply chain, placing vendors, partners, third parties, and even customers well within the attack radius.”

For example, in February 2025 the telecom corporation Orange Spain reported that its Regional Internet Registry (RIPE NCC) account was taken over by a hacker, who used the access to manipulate other systems, including its Border Gateway Protocol routing and Resource Public Key Infrastructure configurations. Ultimately, this resulted in a three-hour Internet outage for Orange Spain. But that attack all started when one employee’s corporate credentials for RIPE NCC were stolen during a 2023 attack where information-stealing malware (also known as an infostealer) was used. The employee’s account did not use multi-factor authentication and relied on a weak password, “ripeadmin.”

Part of what makes identity such a popular target is that infostealers are inexpensive, widely available, and a flexible jumping-off point to more access for cybercriminals, according to the report. Infostealer logs offer information collected from a compromised server, including autofill information (usernames and passwords), saved credit cards, and cryptocurrency addresses.

Although popular, infostealers are not the only way to collect credentials and information. Between 1 January and 30 June this year, there were 3,104 data breaches that occurred all over the world, resulting in the theft of more than 9.45 billion records—including account credentials, social security numbers, and financial data.

While the United States was the largest target (2,055 successful breaches—more than half of all breaches), Canada (119), Germany (104), the United Kingdom (90), and Australia (69) were also among the most affected countries.

Some organizations were more often targeted than others. The top targets included professional, scientific, and technical services (18 percent of breaches); healthcare and social assistance (15.9 percent); finance and insurance (13 percent); manufacturing, which often relies on outdated or legacy systems (10.4 percent); and information (10.2 percent).

“Data breaches surged by 235 percent, with unauthorized access accounting for nearly 78 percent of all reported incidents,” the report said. “…As a genesis, breaches provide attackers with various elements of personally identifiable information (PII). They are also the end result of the illicit operation, where stolen data is extorted or listed for sale for financial gain.”
