The average exposure for a single employee identity in 2024, under a traditional exposure model, shows 11 records per employee, 1 unique username, 1 total username, 1 unique email, 11 total emails, 7 credential pairs, and 7 unique sources (breach, malware, or phish).

There was an average of 44 exposed credentials per malware infection.

By using holistic identity matching for an individual employee, the average exposure increases to 146 records per employee, 22 unique usernames, 13 total usernames, 89 unique emails, 141 total emails, 57 credential pairs, and 8 unique sources. This represents more than 12x the exposed data compared to the traditional view.

74% of recaptured consumer records contain a physical or IP address.

SpyCloud recaptured 7 million stolen credential records for third-party applications in 2024, a 48% increase from the year prior.

Under holistic identity matching, the average exposure for a single consumer identity shows 229 records per customer, 52 unique usernames, 105 total usernames, 27 unique emails, 125 total emails, 227 credential pairs, and 9 unique sources.

142.27 million individuals had a password exposed in 2024, a 125% increase from 2023.