Security experts have warned of a huge surge in identity-based attacks, after revealing that 1.8 billion credentials were stolen in the first half of 2025, an 800% increase compared to the previous six months.
Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition is based on over 3.6 petabytes of data analyzed by the threat intelligence firm.
The credentials were stolen from 5.8 million infected hosts and devices, it claimed.
The trend is particularly concerning as compromised credentials can give threat actors simple and covert access to corporate resources, unless accounts are protected by multi-factor authentication (MFA).
However, there’s more in the report to concern security teams.
Between January and June this year, the firm estimated over 20,000 disclosed vulnerabilities, 12,200 of which haven’t even appeared in the National Vulnerability Database (NVD), meaning network defenders may not be aware of them. Nearly 7000 have public exploits available, putting organizations at greater risk of compromise.
“The digital attack surface continues to expand, and the volume of disclosed vulnerabilities is growing at a record pace – up by a staggering 246% since February 2025,” the report noted.
“This explosion, coupled with a 179% increase in publicly available exploit code, intensifies the pressure on security teams. It’s no longer feasible to triage and remediate every vulnerability.”
Ransomware and Breaches on the Rise
Both trends could be fuelling ransomware-related breaches, given initial access often comes via credential compromise or vulnerability exploitation.
Confirmed ransomware breaches have risen 179% since the start of the year, with manufacturing (22%), technology (18%) and retail (13%) sectors the hardest hit.
Perhaps also unsurprisingly, the report revealed 3104 data breaches in the first half of 2025, relating to 9.5 billion compromised records.
“Over the past four months, data breaches surged by 235%, with unauthorized access accounting for nearly 78% of all reported incidents. Data breaches are both the genesis and culmination of threat actor campaigns, serving as a source of continuous fuel for cybercrime activity,” noted Flashpoint.
“As a genesis, breaches provide attackers with various elements of personally identifiable information (PII). They are also the end result of the illicit operation, where stolen data is extorted or listed for sale for financial gain.”
Last month, the Identity Theft Resource Center (ITRC) warned that 2025 is on track to become a record year for data breaches in the US.