Credentials
We've curated 148 cybersecurity statistics about credentials to help you understand how password management, multi-factor authentication, and the rise of phishing attacks are shaping the security landscape in 2025.
Showing 1-20 of 148 results
13% of employees say they’ve sold or know someone who has sold company login details – often under the belief it’s harmless
Each compromised device yielded an average of 87 stolen credentials.
More than 40% of cybersecurity professionals report experiencing a security incident involving non-human identities or credentials in the past year.
90% more credentials were identified in the last three months of 2025 than in the first three months
66% of business partner users admit to sharing or borrowing credentials
50% more credentials were identified in the second half of 2025 than in the first half of the year.
Over half of all credentials (53%) were indexed within one week of exfiltration, and 36.4% within 24 hours.
Of the 7 million credentials indexed with identifiable authorization URLs, 63.2% were tied to authentication systems.
276 million of the credentials indexed in 2025 included active session cookies.
Among the exposed corporate credentials analyzed, 80% contain plaintext passwords.
Threat actors exploited third-party software-based entry (44.5%) more frequently than weak credentials—a significant increase from the 2.9% observed in H1 2025.
43.6% of organizations report the use of stolen credentials as an entry vector
Relying on static credentials for AI systems correlates with a 20-percentage-point increase in incident rates.
67% of organizations rely on static credentials for AI systems.
Detected sensitive-data events are led by secrets and credentials (47.9%), followed by financial information (36.3%) and health-related data (15.8%).
44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.
45% of Canadian IT & security professionals reported that employees using weak or compromised credentials is a top security concern
33% of ransomware incidents involved compromised credentials
48% of organizations adopted AI-enhanced phishing detection.
36% of insider incidents involved user credentials.