What's Happening?
A recent analysis by Comparitech has shed light on the journey of stolen passwords through the cybercrime ecosystem. The study examined over 447,000 credential leaks and breach threads across four major cybercriminal forums, revealing a five-stage supply chain for stolen credentials. The stages include origin, wholesale, trade, aggregation, and end use. Infostealer malware and data breaches are identified as primary sources of compromised credentials. These credentials are then brokered in the wholesale stage, traded across forums, and aggregated into combolists for credential-stuffing campaigns. The analysis highlights the ongoing threat of credential theft, with 2.8 billion credentials reported compromised in 2025 alone.
Why It's Important?
The findings underscore the persistent threat posed by credential theft to individuals and organizations. Stolen passwords are not only used for direct breaches but also fuel broader cybercrime activities such as ransomware attacks and business email compromise. The analysis emphasizes the need for enhanced security measures, such as the adoption of passkeys and two-factor authentication, to protect against these threats. The report also highlights vulnerabilities in popular platforms, such as Microsoft Edge, which reportedly stores passwords in plain text, increasing the risk of exploitation.
What's Next?
In response to these findings, there may be increased pressure on companies to improve their cybersecurity protocols and on users to adopt more secure authentication methods. The report suggests a shift towards passkeys and the use of password managers to mitigate risks. Additionally, there could be a push for regulatory measures to address vulnerabilities in software and platforms that handle sensitive data. As cybercriminals continue to evolve their tactics, ongoing research and adaptation of security practices will be crucial.












