Flashpoint reported that cybercriminals exposed or stole 22.62 billion credentials and personal records across 4,518 data breaches in 2022, highlighting the central role stolen credentials play in modern cybercrime operations.

Why are stolen credentials so valuable to cybercriminals?

Stolen credentials allow threat actors to bypass perimeter defenses and gain direct access to networks, databases, and cloud services. Flashpoint reports that these credentials are routinely traded across illicit markets and used by ransomware groups, initial access brokers, and fraud actors.

How do illicit markets contribute to credential-based attacks?

Illicit forums and marketplaces enable cybercriminals to buy, sell, and exchange stolen credentials at scale. Flashpoint recorded 190 new illicit markets emerging in 2022, reinforcing how quickly these ecosystems regenerate after takedowns.

What are the main sources of stolen credentials?

Flashpoint found that misconfigured databases and services were responsible for over 71% of leaked credentials, despite accounting for only 5% of breaches. Additional sources include phishing campaigns, malware such as information stealers, and exploitation of known vulnerabilities.

What does Flashpoint recommend organizations do to reduce credential risk?

Flashpoint advises organizations to avoid siloed security approaches and instead unify cyber threat intelligence, vulnerability management, and vendor risk oversight. These recommendations are detailed in the State of Cyber Threat Intelligence Report.