Leaked credential exposure surged 160% in 2025 across organizations
Target Trend
Summary
Hide ▲
Show ▼
Leaked credentials surged 160% in 2025 versus the prior year, increasing the odds that organizations will face account takeover and breach initiation through simple logins. More than 14,000 corporate credential exposures were identified in a single month, showing the scale of the exposure problem across active accounts. The risk is amplified by long remediation delays, which can leave exposed credentials usable for weeks or months before defenders rotate secrets and close access.
Related Happenings
Docker Hub container images leaking secrets across more than 100 organizations
Data Leak
First: 04.02.2026 17:05
Last: 04.02.2026 17:05
Sources 1
About this happening:
Researchers uncovered **more than 10,000 Docker Hub container images** leaking **production API keys, cloud tokens, CI/CD credentials, and AI model access tokens**, putting secret...
Docker Hub container images leaking secrets across more than 100 organizations
Data LeakAbout this happening: Researchers uncovered **more than 10,000 Docker Hub container images** leaking **production API keys, cloud tokens, CI/CD credentials, and AI model access tokens**, putting secret...
ShinyHunters vishing campaign targeting SSO accounts
Campaign
First: 02.02.2026 15:46
Last: 02.02.2026 15:46
Sources 1
About this happening:
The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
ShinyHunters vishing campaign targeting SSO accounts
CampaignAbout this happening: The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
Latest development: 26.05.2026 22:46
ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.
FBI IC3 public warning on account takeover fraud
Public Sector Action
First: 25.11.2025 19:23
Last: 25.11.2025 19:23
Sources 1
About this happening:
The **FBI** issued an **IC3 public service announcement** warning that **account takeover (ATO) fraud** has caused **over $262 million** in reported losses since **January 2025**....
FBI IC3 public warning on account takeover fraud
Public Sector ActionAbout this happening: The **FBI** issued an **IC3 public service announcement** warning that **account takeover (ATO) fraud** has caused **over $262 million** in reported losses since **January 2025**....
Timeline
-
08.08.2025 14:00 1 articles · 9mo ago
Cyberint and Verizon report a 2025 surge in leaked credentials
Initial DisclosureVerizon's 2025 Data Breach Investigations Report found leaked credentials accounted for 22% of 2024 breaches, and Cyberint data showed a 160% increase in leaked credentials in 2025 versus the previous year, with more than 14,000 corporate credential exposures identified in one month. The reporting linked exposed credentials to account takeover, credential stuffing, spam distribution, blackmail, and extortion, and noted that 46% of devices tied to corporate credential leaks lacked endpoint monitoring, while GitHub repository leaks took an average of 94 days to remediate.
Show sources
- Leaked Credentials Up 160%: What Attackers Are Doing With Them — thehackernews.com — 08.08.2025 14:00