Stolen credentials saw a significant increase of 160% in the year 2025.
In the digital age, where technology continues to advance, so does the sophistication of cyber threats. In 2025, the use of Artificial Intelligence (AI) has significantly amplified phishing attacks, causing a sharp rise in credential theft and data breaches.
According to recent reports, over 3 billion phishing emails are sent daily, and 57% of organizations encounter phishing scams weekly or daily. AI-driven phishing exploits more convincing, personalized communications, including deepfakes and automated tailored emails, enabling attackers to effectively harvest credentials and compromise accounts at scale.
The impact is evident in escalating data breaches. In the first half of 2025, over 165 million people in the U.S. alone were affected, with cyberattacks—largely phishing-related—leading to 1,348 breaches. Phishing combined with AI-enhanced attacks contributes to multi-vector breaches, threatening business continuity, especially for Small and Medium-sized Businesses (SMBs), which are now prime targets.
The surge in compromised credentials can be attributed to the increasing use of AI in phishing attacks and an increase in stealer families. Check Point reported 14,000 cases of employee credentials being exposed in data breaches in one month alone. To combat this, organisations are recommended to tighten password management policies, implement multi-factor authentication (MFA), and prioritise single sign-on (SSO) over direct credential logins.
Network-level protections, such as intrusion detection systems and firewalls, should also be utilised. To prevent brute-force attacks and cross-account credential stuffing, login attempts should be limited. Access to third-party websites should be restricted, and user access rights should be limited to the bare minimum necessary.
Moreover, employee training to recognise and resist phishing attempts is crucial. Less-experienced threat actors are entering the field using Malware as a Service offerings on the dark web, making it essential for everyone to stay vigilant.
The websites most frequently impacted by leaked credential attacks are those owned by Discord, Microsoft, Facebook, Gmail, and Roblox. Brazil and India have the highest rates of compromised credentials, at 7.64% and 7.10% respectively.
In summary, AI has greatly enhanced the scale, sophistication, and success rates of phishing attacks in 2025, directly driving increased credential theft and data breaches worldwide, with critical sectors and millions of individuals suffering consequential damage and losses. It is essential for organisations and individuals to take proactive measures to protect themselves from these threats.
Read also:
- International marketing firm We Are Social intensifies global strategy for gaming industry
- Server Hazards: Top 4 Pests Imperiling Your Data Center and Preventive Measures
- U.S. Accuses Chinese Individuals of Illegally Exporting Nvidia Artificial Intelligence Processors to China
- Respiratory Infections: Recognizing Signs, Medical Solutions, and Homemade Cures
