Leaked credentials have become one of the top threats in 2025, surpassing phishing and software vulnerabilities in frequency. According to the Verizon Data Breach Investigations Report, nearly a quarter of all cyber incidents in 2024 began with a simple username and password login. Data from Cyberint (part of Check Point) shows a 160% increase in leaked credentials within a year, turning the issue into a systemic problem. Details are covered on G.Business, citing The Hacker News as the source.
Automation and the Black Market for Data
The rise in leaks is driven not only by scale but also by the speed of exploitation. In just one month, Cyberint identified over 14,000 corporate credentials publicly exposed, most of them still active.
Automated infostealer malware enables even low-skilled attackers to steal data from browsers and device memory. Stolen logins end up on underground forums or are sold in bundles via Telegram channels. On average, removing exposed credentials from GitHub repositories takes 94 days — plenty of time for a stealth attack.
How Stolen Credentials Are Used
- Account Takeover (ATO) — taking over accounts to send phishing emails from legitimate sources,
- Credential Stuffing — testing stolen passwords on other services at scale,
- Spam and bots — running disinformation or spam campaigns,
- Extortion — threatening to leak data unless paid.
Even a private email account leak can provide a pathway into corporate systems through password recovery links.
The Hidden Risk Zones
46% of devices linked to corporate credential leaks lacked endpoint security protection. Often, these are employees’ personal laptops or smartphones.
Cyberint and Check Point use AI and automated data collection to detect leaks across the open web, deep web, and dark web, then act immediately by blocking access or forcing password resets.
Why Speed Matters
Even with MFA and strict password policies, the risk of leaks remains high. The winners are those who detect the problem before it is exploited. Cyberint’s playbook outlines procedures for employees and vendors: source verification, access revocation, stakeholder communication, and post-incident analysis.
Effective Protection Measures
- regular password changes and banning reuse,
- implementing SSO and MFA,
- login attempt limits,
- the principle of least privilege (PoLP),
- phishing awareness training,
- monitoring the dark web and forums.
These measures reduce risk, but only rapid detection and response can fully neutralize it.
The surge in credential leaks underscores that digital security is not a one-time effort but an ongoing process requiring constant vigilance. Companies should view leak monitoring as a competitive advantage rather than merely an incident response. Equally important is educating employees and business partners on safe password practices and rapid reaction to potential breach indicators. In a world where login credentials circulate as criminal commodities, every hour counts — and the winners are those who act proactively, not reactively.
Stay connected for news that works — timely, factual, and free from opinion — and insights that matter now:Microsoft Emergency Patch: Critical SharePoint RCE CVE-2025-53770 Exploited