Tech Cybersecurity Report

SpyCloud 2026 Identity Exposure Report Release

Analysis based on 10 articles · First reported Mar 19, 2026 · Last updated Mar 22, 2026

Sentiment

-20

Attention

Articles

Market Impact

Direct

Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard

Market Impact

The report from SpyCloud highlights a significant increase in identity exposure, including non-human identities, which could lead to increased cybersecurity spending across industries. This trend suggests a negative impact on companies' security postures, potentially increasing their operational risks and costs.

Cybersecurity Information technology Cloud computing

Event Summary

SpyCloud released its annual 2026 Identity Exposure Report, revealing a 23% increase in recaptured identity data, totaling 65.7 billion records. The report emphasizes a structural shift in cyber threats, with attackers increasingly targeting non-human identities (NHIs) like API keys and session tokens, in addition to traditional credentials. SpyCloud recaptured 18.1 million exposed API keys and tokens and 6.2 million credentials tied to AI tools in 2025. The report also notes a surge in phishing attacks, with 28.6 million phished identity records, nearly half of which were corporate users. Session theft remains prevalent, with 8.6 billion stolen cookies and session artifacts exposed. Infostealer malware contributed over 642.4 million exposed credentials from 13.2 million infections. The report underscores the need for continuous identity threat protection for both human and machine identities, as attackers combine various data sources to fuel cybercrime. European Union===Europol, with Microsoft's support, disrupted the Tycoon 2FA phishing-as-a-service infrastructure, an effort SpyCloud contributed to.

Key Actions

100 SpyCloud released annual 2026 Identity Exposure Report

70 European Union===Europol executed coordinated seizure of phishing infrastructure Tycoon 2FA

60 SpyCloud supported global disruption effort European Union===Europol

Entities Involved

priv

SpyCloud

SpyCloud released its 2026 Identity Exposure Report, highlighting a significant increase in identity exposure, particularly non-human identities. This report reinforces SpyCloud's position as a leader in identity threat protection and provides valuable insights into evolving cyber threats.

Importance 100 Sentiment 20

per

Trevor Hilligoss

As Chief Intelligence Officer at SpyCloud, Trevor Hilligoss provided key insights and commentary on the structural shift in identity exploitation, emphasizing the growing threat of non-human identity theft.

Importance 70 Sentiment 10

govactor

European Union===Europol

European Union===Europol, in partnership with Microsoft, executed a coordinated seizure of Tycoon 2FA, a major phishing-as-a-service infrastructure, disrupting its operational capabilities. SpyCloud supported this global effort.

Importance 40 Sentiment 10

priv

Tycoon 2FA

Tycoon 2FA was identified as a major phishing-as-a-service infrastructure that enabled widespread MFA bypass. Its operational capabilities were significantly disrupted by European Union===Europol and Microsoft.

Importance 40 Sentiment -50

stock

Microsoft

Microsoft was involved in a partnership with European Union===Europol to disrupt the Tycoon 2FA phishing infrastructure. The report also mentions MFA bypass campaigns targeting Microsoft 365 environments.

Importance 30 Sentiment 0

Relationships

Trevor Hilligoss related ↔ SpyCloud

SpyCloud related ↔ European Union===Europol

Microsoft related ↔ European Union===Europol

NEWSDESK

Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard