45% of Canadian IT & security professionals reported that employees using weak or compromised credentials is a top security concern

33% of ransomware incidents involved compromised credentials

48% of organizations adopted AI-enhanced phishing detection.

36% of insider incidents involved user credentials.

88% of open-source Model Context Protocol (MCP) server implementations require credentials.

28% of Gen Z parents admit to sharing passwords verbally or through text or email.

46% of developers worry about AI systems sharing or leaking API credentials.

16% of organizations identify AI agents operating with user credentials as a Shadow AI concern.

Stolen credentials were involved in approximately 25% of ransomware attacks in 2025, up from an estimated 20% in 2024.

In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry.

Analysis of over three million dark web posts shows stolen credentials far outpace credit card theft.

Attacks using valid credentials were successful 98% of the time.

2.67 million machines were infected by infostealer malware in H1 2025. This led to more than 204 million compromised credentials being observed.

Both infostealer infections and compromised credentials are on track to surpass 2024 figures, which saw over 4.3 million machines infected with approximately 330 million compromised credentials. This indicates a 24% increase YoY in these areas.

Over 1.8 billion credentials were stolen in the first half of 2025 alone. The 1.8 billion stolen credentials represent an 800% increase.

The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.

Of organisations that experienced attacks, 38% of breaches stemmed from compromised employee credentials.

36% of organisations experienced a data breach involving identity credentials.

Among non-PAM users, 8% still store credentials in spreadsheets.

68% of users admitted to reusing passwords across multiple accounts.