A new report from SpyCloud highlights a significant increase in exposed API keys, session tokens, and machine identities. The analysis, which examined data from the criminal underground, found a 23% rise in recaptured identity records, now totaling 65.7 billion. Attackers are increasingly targeting non-human identities alongside traditional credentials, with further coverage provided by HackRead.The 2026 Identity Exposure Report details a growing attack surface involving non-human identities (NHIs), with 18.1 million exposed API keys and tokens captured in 2025. These NHIs, often lacking multi-factor authentication and possessing broad permissions, provide attackers with persistent access to critical systems and supply chains. Phishing remains a major enterprise threat, with nearly half of the 28.6 million phished identity records belonging to corporate users.The report also notes the continued prevalence of session theft and multi-factor authentication bypass techniques, with 8.6 billion stolen cookies and session artifacts recovered. Infostealer malware also continues to be a significant source of identity exposure, with over 642.4 million credentials recovered from 13.2 million infections.Source: HackRead
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds





