SpyCloud Surpasses One Trillion Recaptured Identity Assets as Stolen Session Data Overtakes Passwords as Attackers' Top Target

New milestone reveals nearly half of all recaptured identity assets are stolen session cookies and tokens – proof that passwords and passkeys alone can no longer stop identity-based attacks

AUSTIN, Texas, July 16, 2026 (GLOBE NEWSWIRE) -- SpyCloud, the leader in identity threat protection, announced it has surpassed one trillion recaptured identity assets, a milestone that demonstrates the accelerating scale of identity-based cybercrime.

Over the last decade, cybercriminals have assembled increasingly rich identity profiles, combining data from infostealer malware, phishing campaigns, combolists, breaches, and other criminal sources. As the cybercrime ecosystem has evolved, SpyCloud has expanded the breadth and scale of the identity exposures it recaptures to stay ahead of these threats. Today, the company's recaptured identity intelligence contains more than 1.01 trillion identity assets, representing 130x growth since the company’s founding in 2016 and giving the industry its most comprehensive view into the identity data attackers are actively using to target individuals and organizations.

"One trillion recaptured identity assets isn’t simply a milestone for SpyCloud – it’s evidence of how dramatically identity-based cybercrime has evolved and expanded," said Trevor Hilligoss, Chief Intelligence Officer at SpyCloud. "Attackers are collecting richer identity data from more sources than ever before – with enhanced phishing kits and infostealer malware really taking off over the last couple of years. Our job is to recapture the stolen data exposed from these tactics, transform it into actionable identity intelligence, and help defenders close the window between compromise and remediation. That’s how we shift the advantage back toward the good guys and impose real costs and consequences on bad actors."

A CLEARER VIEW INTO TODAY’S IDENTITY THREAT LANDSCAPE

This milestone illustrates how quickly identity exposure has advanced. In the last 30 days alone, SpyCloud recaptured 25 billion identity assets – nearly 10,000 every second. The company has now recaptured over 45 billion exposed passwords, with over 91% cracked into plaintext for easier remediation 

However, as criminals shift tactics, passwords are no longer the only battleground. Stolen session cookies and authentication tokens now account for nearly half of all recaptured identity assets, signaling that attackers are moving beyond initial credentials to exploit already authenticated sessions. Last year alone, SpyCloud recaptured nearly nine billion stolen cookies. This shift proves that while passwords remain a standard security measure, they are no longer sufficient on their own, as relying on them alone leaves the actual, authenticated session vulnerable to hijacking.

"The fact is that session data is a critical part of a user’s identity," said Hilligoss. “Once a cookie or token is stolen, it doesn't matter how strong your password policy is or how many MFA factors you require, because the attacker isn't logging in – they're resuming a session that's already been authenticated. That's the blind spot most organizations still haven't closed."

THE FASTEST-GROWING THREAT: PHISHING BUILT TO STEAL SESSIONS, NOT JUST CREDENTIALS

A major contributor to this shift is the evolution and prevalence of phishing attacks. SpyCloud’s Phishing Pulse Report found that 78% of survey organizations saw phishing volume increase, and 86% of Fortune 100 organizations had exposed employee data in successful phishes in the last year. Where legacy phishing kits were built to harvest usernames and passwords, the fastest-growing phishing-as-a-service (PhaaS) kits are now purpose-built to intercept the authenticated session itself, using adversary-in-the-middle (AitM) techniques that let attackers step directly into a live, logged-in session.

Stolen access data is the most critical thing for organizations to start tracking and remediating because they reveal that an identity has a live, actively compromised session an attacker can use right now.

The surge of exposed identity data underscores why organizations need comprehensive visibility – not just into stolen credentials – but into every identity artifact attackers can use to bypass authentication altogether.

TRANSFORMING RECAPTURED DATA INTO FINISHED IDENTITY INTELLIGENCE

As stolen identity data has grown exponentially in scale and complexity, collecting it has become only part of the challenge. SpyCloud continuously recaptures identity data from malware, phishing campaigns, combolists, and third-party breaches, then applies proprietary advanced analytics and AI insights to parse, normalize, deduplicate, enrich, and correlate fragmented exposures into holistic identity intelligence built on years of research and investigative tradecraft.

The result is immediately actionable exposure data for security, fraud, and threat intelligence teams to detect compromised identities, prioritize remediation, automate identity threat response, and accelerate cybercrime investigations.

"Our greatest investments have been the technology we’ve built to automatically parse billions of records across every format, extract structured identity assets, correlate exposures to individual identities, and maintain the data quality required to operationalize the intelligence," said Mike Dausin, Senior Director of Data Engineering at SpyCloud. "We've spent nearly a decade building, refining, and enhancing that automation, we’re able to stay ahead and continuously transform massive volumes of raw recaptured data into intelligence security teams can trust."

IDENTITY INTELLIGENCE THAT DISRUPTS CYBERCRIME

The same recaptured identity data that helps organizations defend against identity-based threats also fuels global efforts to disrupt cybercrime. The SpyCloud team’s expertise has been instrumental in supporting international law enforcement and global cybercrime disruptions, including partnerships with Europol and the World Economic Forum. The same data allows security teams to accelerate threat investigations and take actionable steps against criminal networks, leading to widespread takedowns and arrests.

"The cybercrime economy continues to evolve at an incredible pace," Hilligoss added. "But so does our ability to understand it. Every identity asset we recapture, every exposure we correlate, and every connection we uncover provides a clearer picture of the people, infrastructure, and tactics behind cybercriminal operations. That intelligence helps public-private partnerships disrupt criminal networks while enabling enterprise security, threat intelligence, and CTI teams to accelerate attribution and investigate threats with greater confidence."

To learn more about SpyCloud’s identity threat intelligence and mission to disrupt cybercrime, or to see insights into your organization’s exposed data, visit spycloud.com.

About SpyCloud

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions use advanced analytics and AI to accelerate investigations and protect workforce, consumer, and supplier identities from the threats that matter most: authentication bypass, session hijacking, malicious insiders, account takeover, ransomware, and fraud. Its data from malware-infected devices, successful phishes, combolists, and third-party breaches also powers many popular dark web monitoring and identity theft protection offerings. Customers include 7 of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 250 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company's exposed data, visit spycloud.com.


CONTACT:
REQ on behalf of SpyCloud
spycloud@req.co

Primary Logo

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

Technology Wire Cambodia

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.