Flashpoint’s 2025 midyear report reveals a staggering 800% increase in credential theft compared to the previous year. The firm confirmed that more than 1.8 billion username and password combinations were compromised globally during the first six months of 2025.
The surge is attributed to a rise in use of information-stealing malware by cybercriminals targeting web and mobile users. Attackers are deploying more sophisticated phishing campaigns and malware tools to extract sensitive data.
Organizations across sectors from healthcare to finance face elevated risks due to credential exposure. With access data widely available, threat actors can easily conduct business email compromise, account takeover, and ransomware attacks.
Flashpoint warns enterprises to implement multi-factor authentication and password hygiene rigor. Routine monitoring and threat intelligence integration should improve detection of illicit activity involving stolen credentials.
The report underscores the urgency for organizations to adopt zero-trust access policies and credential security solutions. Without proactive defenses, businesses remain vulnerable to large-scale intrusion enabled by widespread login data leakage.
