Hackers launched fewer, but more impactful attacks in 2025, says NordPass

A report from password management provider NordPass reveals that hackers compromised fewer databases in 2025 but their attacks in general were more impactful and compromised vast amounts of sensitive information.

 

NordPass researchers said an analysis of nearly 10,000 major database leaks and more than 7.8 billion exposed email records over the past couple of years revealed a new phenomenon- that hackers had begun carrying out more stealthy cyber attacks targeting major databases - an increasing focus on the quality of attacks over quantity.

 

The overall number of database leaks in 2025 fell by 36.9% compared to the previous year, a trend that reflects an increasing preference for infostealer malware as opposed to the reliance on credential stuffing to compromise centralised databases.

 

"Infostealer data will remain one of the most attractive commodities for threat actors. Its simplicity, low price, and limited need for technical skills are the main driving factors behind its growing popularity," the researchers said. 

 

"While databases have their own place in the underground, infostealer data is far more effective in comparison. Attackers don’t have to rely on credential stuffing since they already know their targets. This gives them a direct path to compromised accounts, making their attacks faster, more precise, and more successful."

 

The number of reported database leaks in 2025 was a paltry 3,033, compared to 4,804 in 2024 and astronomical numbers of 12,670 and 12,190 in 2020 and 2021. The United States (187 leaks) and India (121 leaks) suffered the most database leaks last year while Russia and some European countries reported fewer leaks compared to 2024.

 

Hackers were selective in targeting industries that offered the maximum returns, while reducing attacks on certain sectors where database leaks were not significant. NordPass researchers observed a notable increase in leaks involving technology, education, and e-commerce organisations that collect large volumes of customer data.

 

"Although the number of leaks declined across most industries, leak sizes often increased. For example, technology and e-commerce leaks frequently exposed hundreds of thousands of email addresses per incident. Financial sector breaches, though fewer in number, tended to involve larger datasets, amplifying their impact," the firm said.

 

Karolis Arbačiauskas, head of product at NordPass, says data leaks will continue to increase in the coming years as attackers will rely on infostealer malware, phishing, and ransomware extortion to obtain and monetise credentials and this trend will accelerate with the arrival of new tools.

 

"The data leak risks will continue to evolve as criminal enterprises continue to thrive. The rising popularity of LLMs will catalyze it even further, just like in other fields. Attackers will use AI tools to craft better phishing emails, create malware, use agentic software, or find weak points faster. 

 

"Businesses and individuals need to stay alert and update their security practices. Strong password policies and regular software updates should remain key defences against these threats," Arbačiauskas said.