Skip to main content
HomeTopicsCredential Theft

Credential Theft

Cybersecurity statistics about credential theft

Showing 1-19 of 19 results

43% of internal authentication traffic still relies on NTLM, a legacy protocol frequently abused for credential replay and privilege escalation attacks.

Zero Networks6/15/2026
Internal Authentication TrafficNTLM

72% of organizations do not detect credential misuse in real time, often taking hours or sometimes days or weeks to identify unauthorized privileged access.

Keeper Security5/27/2026
Threat DetectionUnauthorized Privileged Access

In the last six months, use of reverse proxies to steal Microsoft 365 credentials surged by 139%.

KnowBe45/27/2026
Reverse ProxiesMicrosoft 365

Credential-stealer infections were dominated by RedLine with 911,968 infections (50.80%), Lumma with 499,784 infections (27.84%), and Vidar with 236,778 infections (13.19%).

Fortinet5/27/2026
MalwareInfostealer

45% of MSPs who reported BYOD-related security incidents cite credential theft or account compromise as a cause

Omdia & Aura Business5/27/2026
MSPAccount Compromise

Listings of stolen credentials linked to LummaC2 increased by 72% on underground marketplaces.

Ontinue5/27/2026
Stolen CredentialsLummaC2

SpyCloud identified 1.1 million password manager master passwords circulating in underground sources.

SpyCloud5/27/2026
Password ManagersDark Web

23.34% of the global ecosystem have corporate credentials circulating on the dark web via stealer logs.

Black Kite5/27/2026
Corporate CredentialsDar Web

There is an average of 50 exposed user credentials per infostealer malware infection.

SpyCloud5/27/2026
Infostealer MalwareExposed User Credentials

Infostealer malware led to the exposure of over 300,000 ChatGPT credentials in 2025.

IBM5/27/2026
Identity SecurityInfostealer Malware

Credential theft is the leading attack technique against cloud management infrastructure, cited by 67% of organizations experiencing cloud attacks.

Thales5/27/2026
Cloud SecurityIdentity Management

43.6% of organizations report the use of stolen credentials as an entry vector

Lumos5/27/2026
CredentialsEntry Vector

One in four attacks involve stealing saved passwords from browsers to authenticate as valid users.

Picus Security2/14/2026
Authentication

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

Cofense2/9/2026
PhishingDomain Abuse

Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.

KELA4/29/2025
CredentialsCredential theft

Among the roles most vulnerable to credential theft, 28% were in Project Management, followed by Consulting (12%) and Software Development (10.7%).

KELA4/29/2025
CredentialsCredential theft

The average time between credentials being found and the reported ransomware attack was 2.5 weeks

KELA4/29/2025
CredentialsCredential theft

Credentials or data were stolen in nearly half of all cyberattacks.

IBM 4/17/2025
CredentialsCredential theft

Over 65% of missed phishing emails across SEGs are vendor scams and credential theft.

IRONSCALES3/25/2025
PhishingSEG