The first half of 2025 has seen a dramatic password theft surge, with cybercriminals increasingly turning to infostealers and ransomware to break into systems, steal identities, and exfiltrate sensitive data. According to Flashpoint’s Global Threat Report, stolen credentials have become the primary tool for launching large-scale attacks.
Key findings from the report show:
- An 800% increase in credential theft via infostealers
- 179% spike in ransomware attacks
- 246% jump in publicly disclosed vulnerabilities
- 235% rise in data breaches, with the US hit hardest
- 78% of breaches involved unauthorized access
These numbers highlight how threat actors now prioritize stealing passwords over brute-force methods or zero-day exploits.
Infostealers fuel identity-driven attacks
Infostealers are now the weapon of choice for cybercriminals. These low-cost, high-impact tools grab everything from saved browser credentials and cookies to crypto wallets and autofill data. Flashpoint analysts say malware like Lumma, RedLine, StealC, and Acreed are among the most active players in 2025.
Sold for as little as $60 on dark web forums, infostealers often serve as the initial infection vector. One compromised device can lead to leaked email accounts, stolen corporate credentials, and complete session hijacking.
Flashpoint warns that identity has become the new attack surface, with attackers leveraging stolen logins for lateral movement through supply chains.
Ransomware and breaches tied to stolen credentials
Ransomware isn’t going anywhere. Attacks are up 179%, and many start with infostealer activity. Once inside, threat actors can deploy ransomware or sell access to RaaS (ransomware-as-a-service) groups like Cl0p.
Meanwhile, data breaches have surged by 235%, with PII leaks and account takeovers dominating the threat landscape. Flashpoint says the United States alone accounts for 66% of all global data breaches.
Most breaches stem from unauthorized access, not advanced zero-days. This shows how critical password and identity protection has become in 2025.
Conclusion
The password theft surge is a clear sign that identity is now the front line of cybersecurity. With credential theft up 800%, infostealers have become the entry point for everything from ransomware to supply chain infiltration. Experts urge organizations to shift toward proactive threat intelligence and tighter identity controls—because in 2025, one stolen password can lead to a full-scale breach.
0 responses to “Password theft surge hits 800% as cyberattacks skyrocket”