According to SpyCloud’s 2023 Annual Identity Exposure Report, security personnel discovered 721.5 million pieces of compromised account information from major incidents in 2022, and more than 22 million devices worldwide were infected with malware.
The report states that 50% of the compromised account information came from botnets. These tools are often used to deploy highly accurate information-stealing malware. These information-stealing programs enable cybercriminals to work at scale, stealing valid credentials, cookies, autofill data and other valuable information to launch targeted attacks or sell for profit on the dark web.
The researchers’ investigation uncovered 8.6 billion personally identifiable information assets, including 1.4 billion full names, 332 million national ID numbers or complete Social Security numbers, and 67 million credit card numbers.
The report also found 22 billion device and session cookies, records that allow criminals to bypass MFA and hijack active sessions, thus giving them access to sensitive information.
Despite the increased focus on security training in recent years, password habits remain poor: 72 percent of the user passwords compromised in 2022 were still being reused from previous compromises.