According to a just-released report by threat intelligence company SOCRadar, 2025 saw:
- New highs for credential theft with a total of 388 million credentials were stolen from the ten most affected platforms. Facebook accounted for 93 million records, followed by Google with 67 million and Roblox with 66 million.
- Gaming platforms were hit especially hard. Roblox, Twitch, and Epic Games together accounted for around 100 million accounts.
- Dark Web activity centered on commercial exchange with sales accounting for 59% of observed activity, while 33% involved sharing stolen data and Hack announcements are around 5%.
- The US appeared in nearly 20% of all forum discussions, making it the most referenced country. Public Administration led sector discussions at 13%, followed by Information and Finance at around 10% each.
- Ransomware Activity Spread Across Groups – Akira led with 8.4% of incidents, followed by Qilin at 7.3% and Cl0p at 5.8%. No group controlled a large share of the landscape.
- The US saw 41% of all ransomware attacks, while the United Kingdom followed with 18%. Australia, Japan, and Canada completed the top five. English-speaking countries together accounted for more than 60% of reported cases.
What Do These Numbers Mean?
These developments form a connected chain. Credentials are stolen through malware. That access is sold on Dark Web forums. Ransomware groups purchase it and use it to launch attacks. This process creates various risks for organizations on multiple fronts. Employees are targeted first through personal or work accounts. Compromised credentials then become gateways to larger incidents.
The 388 million stolen credentials represent more than isolated breaches. They serve as entry points that enable broader and more damaging attacks.
The full report covers:
The 2025 End of Year Report expands on these findings, including:
- Stealer log distribution
- Dark Web activity
- Ransomware threats
- Global phishing activity
- And a summary of the threat landscape in 2025
To view the full report, see this link End of The Year 2025 Cyber Analysis
Related
This entry was posted on January 8, 2026 at 3:52 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
2025 Saw New Highs for Credential Theft, Dark Web Centered on Commercial Exchange, Ransomware and Akira and More
According to a just-released report by threat intelligence company SOCRadar, 2025 saw:
What Do These Numbers Mean?
These developments form a connected chain. Credentials are stolen through malware. That access is sold on Dark Web forums. Ransomware groups purchase it and use it to launch attacks. This process creates various risks for organizations on multiple fronts. Employees are targeted first through personal or work accounts. Compromised credentials then become gateways to larger incidents.
The 388 million stolen credentials represent more than isolated breaches. They serve as entry points that enable broader and more damaging attacks.
The full report covers:
The 2025 End of Year Report expands on these findings, including:
To view the full report, see this link End of The Year 2025 Cyber Analysis
Share this:
Like this:
Related
This entry was posted on January 8, 2026 at 3:52 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.