Password cracking success rises across organizations in Blue Report 2025
Target Trend
Summary
Hide ▲
Show ▼
Password cracking succeeded in 46% of tested environments in Blue Report 2025, nearly doubling from last year and showing that credential compromise remains a major exposure across organizations. The finding is especially concerning because valid accounts remain the most exploited attack path once attackers get in. It points to persistent gaps in password hygiene, hashing practices, and MFA coverage.
Related Happenings
LastPass customer password vault backups exposed
Data Leak
First: 05.01.2026 11:30
Last: 05.01.2026 11:30
Sources 1
About this happening:
The **2022 LastPass data leak** exposed backups of about **30 million customer password vaults**, leaving more than **25 million users** with a **long-tail risk** of offline crack...
LastPass customer password vault backups exposed
Data LeakAbout this happening: The **2022 LastPass data leak** exposed backups of about **30 million customer password vaults**, leaving more than **25 million users** with a **long-tail risk** of offline crack...
Weak password hygiene and password reuse across FTSE 100 firms
Target Trend
First: 18.11.2025 11:45
Last: 18.11.2025 11:45
Sources 1
About this happening:
A **FTSE 100** credential-hygiene snapshot shows **59%** of companies still have at least one employee using **“password”** as a password, raising account-takeover risk across maj...
Weak password hygiene and password reuse across FTSE 100 firms
Target TrendAbout this happening: A **FTSE 100** credential-hygiene snapshot shows **59%** of companies still have at least one employee using **“password”** as a password, raising account-takeover risk across maj...
Whisper 2FA phishing campaign targeting accounts across multiple industries
Campaign
First: 15.10.2025 18:00
Last: 15.10.2025 18:00
Sources 1
About this happening:
**Whisper 2FA** has become a high-volume **phishing campaign** that has driven **nearly one million attacks** against **accounts across multiple industries** since **July 2025**....
Whisper 2FA phishing campaign targeting accounts across multiple industries
CampaignAbout this happening: **Whisper 2FA** has become a high-volume **phishing campaign** that has driven **nearly one million attacks** against **accounts across multiple industries** since **July 2025**....
Timeline
-
21.08.2025 13:50 1 articles · 9mo ago
Picus Blue Report 2025 on password cracking and valid-account abuse
Technical Analysis UpdatePicus Security's Blue Report 2025 says organizations continue to struggle with password cracking attacks and the malicious use of compromised valid accounts. Picus Labs found that password cracking attempts succeeded in 46% of tested environments in the first half of 2025, nearly doubling the prior year's success rate, and that Valid Accounts (MITRE ATT&CK T1078) remained the most exploited technique with a 98% success rate. The findings point to weak passwords, outdated hashing algorithms, and limited MFA coverage as persistent weaknesses in credential defense.
Show sources
- Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 — thehackernews.com — 21.08.2025 13:50