Skip to main content
HomeTopicsExposure

Exposure

Cybersecurity statistics about exposure

Showing 1-11 of 11 results

More than 1 in 7 organizations expose API documentation to the internet.

Intruder5/27/2026
API SecurityAttack Surface

8% of organizations leave phpMyAdmin internet-facing.

Intruder5/27/2026
phpMyAdminInternet-facing

15% of organizations leave WordPress admin panels internet-facing.

Intruder5/27/2026
Internet-facingWordPress

26% of organizations leave MySQL databases exposed to the internet.

Intruder5/27/2026
MySQL DatabaseInternet-facing

74% of recaptured consumer records contain a physical or IP address.

SpyCloud4/8/2025
RecordsAddress

Under holistic identity matching, the average exposure for a single consumer identity shows 229 records per customer, 52 unique usernames, 105 total usernames, 27 unique emails, 125 total emails, 227 credential pairs, and 9 unique sources.

SpyCloud4/8/2025
RecordsCredentials

There was an average of 44 exposed credentials per malware infection.

SpyCloud4/8/2025
MalwareCredentials

142.27 million individuals had a password exposed in 2024, a 125% increase from 2023.

SpyCloud4/8/2025
CredentialsPassword

By using holistic identity matching for an individual employee, the average exposure increases to 146 records per employee, 22 unique usernames, 13 total usernames, 89 unique emails, 141 total emails, 57 credential pairs, and 8 unique sources. This represents more than 12x the exposed data compared to the traditional view.

SpyCloud4/8/2025
RecordsCredentials

The average exposure for a single employee identity in 2024, under a traditional exposure model, shows 11 records per employee, 1 unique username, 1 total username, 1 unique email, 11 total emails, 7 credential pairs, and 7 unique sources (breach, malware, or phish).

SpyCloud4/8/2025
RecordsCredentials

SpyCloud recaptured 7 million stolen credential records for third-party applications in 2024, a 48% increase from the year prior.

SpyCloud4/8/2025
CredentialsLogin