AUSTIN, Texas--(BUSINESS WIRE)--SpyCloud, the leader in Cybercrime Analytics, today released its 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and their impact on individuals and organizations. SpyCloud researchers recaptured 43.7 billion distinct identity assets in 2023, including nearly four times more personally identifiable information (PII) assets than in 2022 — over 32 billion, compared to last year’s 8.6 billion.
Taking a deeper look into how stolen data empowers bad actors to perpetrate cybercrimes including account takeover, fraud, and ransomware, SpyCloud researchers analyzed the exposures of the average digital identity being traded in the criminal underground and found that the average identity appears in as many as nine breaches and is associated with 15 breach records.
The rise in identity-based attacks can be attributed to a rapid increase in malware. SpyCloud found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these compromised identity records, one in four contained information about the user's network or physical location, putting the individual's identity, platforms they have access to, and physical well-being at risk.
Researchers also found that the average identity had a 1 in 5 chance of already being the victim of an infostealer infection. Infostealer malware enables criminals to collect vast amounts of information about the user and the device, including a user’s session cookies, API keys and webhooks, crypto wallet addresses, and more. This stolen authentication data enables cybercriminals to bypass protections including MFA and even passkeys to hijack their victim's identity and take over digital sessions.