Credentials
We've curated 148 cybersecurity statistics about credentials to help you understand how password management, multi-factor authentication, and the rise of phishing attacks are shaping the security landscape in 2025.
Showing 1-20 of 148 results
13% of employees say they’ve sold or know someone who has sold company login details – often under the belief it’s harmless
66% of business partner users admit to sharing or borrowing credentials
Each compromised device yielded an average of 87 stolen credentials.
276 million of the credentials indexed in 2025 included active session cookies.
50% more credentials were identified in the second half of 2025 than in the first half of the year.
90% more credentials were identified in the last three months of 2025 than in the first three months
Over half of all credentials (53%) were indexed within one week of exfiltration, and 36.4% within 24 hours.
More than 40% of cybersecurity professionals report experiencing a security incident involving non-human identities or credentials in the past year.
Of the 7 million credentials indexed with identifiable authorization URLs, 63.2% were tied to authentication systems.
Among the exposed corporate credentials analyzed, 80% contain plaintext passwords.
Threat actors exploited third-party software-based entry (44.5%) more frequently than weak credentials—a significant increase from the 2.9% observed in H1 2025.
43.6% of organizations report the use of stolen credentials as an entry vector
Relying on static credentials for AI systems correlates with a 20-percentage-point increase in incident rates.
67% of organizations rely on static credentials for AI systems.
Detected sensitive-data events are led by secrets and credentials (47.9%), followed by financial information (36.3%) and health-related data (15.8%).
44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.
45% of Canadian IT & security professionals reported that employees using weak or compromised credentials is a top security concern
48% of organizations adopted AI-enhanced phishing detection.
33% of ransomware incidents involved compromised credentials
36% of insider incidents involved user credentials.