Leaked Credentials Increase by 160%: Exploits Utilized by Attackers
When an organisation’s credentials are leaked, the immediate consequences are often not visible, yet the long-term impact can be significant. Many real-world cyber breaches start with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches in 2024, surpassing phishing and software exploitation. This statistic highlights that nearly a quarter of all incidents are initiated through straightforward login attempts rather than complex attacks. The threat of leaked credentials has been growing, with new data from Cyberint indicating a 160% increase in such leaks in 2025 compared to the previous year. Their report, titled "The Rise of Leaked Credentials", delves into the volume of these leaks, their exploitation, and strategies organisations can employ to mitigate risks.
The surge in leaked credentials is not solely about volume; it also involves speed and accessibility. In just one month, Cyberint identified over 14,000 corporate credential exposures linked to organisations whose password policies were intact, indicating a real threat. Automation has simplified credential theft, with infostealer malware enabling even low-skilled attackers to harvest login data, while AI-generated phishing campaigns can convincingly mimic legitimate communication. Once obtained, these credentials are often sold on underground marketplaces or shared in bundles on platforms like Telegram. The average time to remediate credentials leaked through GitHub repositories is 94 days, giving attackers a three-month window to exploit access undetected. Leaked credentials serve as currency for attackers, facilitating various malicious activities, including account takeover, credential stuffing, spam distribution, and even blackmail.