A new analysis of credential leaks suggests that some of the world’s largest companies continue to face widespread exposure through weak passwords, user errors, and the growing use of automated attack tools. According to joint research from Social Links and ParanoidLab, nearly 880,000 leaked credentials connected to 50 major corporations surfaced across public and private data sources in the second quarter of 2025.
The dataset includes both corporate accounts and external user logins collected from infostealer logs, combo lists, darknet forums, and Telegram channels. In total, researchers examined 879,654 leaked records, with 263,669 corporate-domain credentials and another 615,986 tied to user accounts outside corporate networks.
Telecom Providers Shoulder the Largest Exposure
The findings show wide variation in exposure levels across industries, with the telecom sector experiencing the heaviest volume of leaks. Companies such as AT&T, BT Group, and Verizon accounted for more than 344,000 compromised credentials in Q2 alone — a reflection of both the size of their customer bases and the attractiveness of their systems to attackers.
Retail and e-commerce platforms followed, logging 145,000+ leaked credentials across brands including Walmart, Etsy, and Rakuten. Transportation companies such as Uber and EasyJet reported over 140,000 compromised accounts, while major delivery operators — FedEx, UPS, DHL, and others — collectively saw 100,840 exposed credentials.
Banks recorded a comparatively lower total of 86,974 leaked accounts, but researchers noted that poor password hygiene at institutions like SBI and China Construction Bank sharply increased operational risk despite fewer overall leaks.
Password Hygiene Remains Alarmingly Weak Across Industries
One of the most consistent patterns in the research is the continued reliance on weak or predictable passwords. Only 26.5% of all credentials analyzed met high-security criteria. Many users still rely on variants of common passwords such as “password,” “123456,” and “admin,” creating an easy entry point for automated attack systems and phishing campaigns. Among corporate accounts in particular, the rate of weak credentials ranged from 71% to 92%, depending on the industry.
Many users still rely on variants of common passwords such as “password,” “123456,” and “admin,” creating an easy entry point for automated attack systems and phishing campaigns.
AI-Driven Threats Amplify Human Vulnerabilities
The surge of leaked credentials aligns with a broader shift toward AI-powered cyberattacks. According to the report, phishing activity has grown by 1,265%, with AI-generated messages now representing more than 80% of all phishing attempts. Generative AI–driven fraud is also accelerating, expected to rise from $12.3 billion in 2023 to $40 billion by 2027, as attackers use automation to personalize lures and probe weak authentication practices at scale.
Industry Response: A Shift Back Toward Identity Protection
Security experts note that much of today’s exposure stems from the growing availability of infostealer logs and automated credential-harvesting tools. Commenting on the findings, Hieu Ngo (HieuPC), a well-known cyber threat investigator and founder of the anti-scam initiative Chongluadao, points out that attackers are no longer trying to break through hardened infrastructure. Instead, they are redirecting efforts toward human vulnerabilities, using industrial-scale phishing tools and AI-driven impersonation techniques to harvest login data with minimal effort.
According to Ngo, every leaked password effectively becomes “a potential key to internal systems, financial data, and customer trust,” underscoring how user errors and basic password flaws remain the most common paths into corporate networks. He argues that organizations must rethink their defensive models, shifting from an infrastructure-centric mindset toward strategies that prioritize user identity security and continuous monitoring of account behavior.
Looking Ahead
The findings point to a fundamental shift in how breaches occur. Security controls built around infrastructure are proving insufficient when the weakest link is often a person reusing passwords or working with minimal access restrictions. Well-resourced organizations face the same issue: a single exposed credential can undermine even complex systems. As attackers increasingly rely on automation, AI-assisted phishing, and open-source reconnaissance, they gain a clearer view of potential entry points than many defenders. This imbalance is steering security teams toward a different priority — placing identity protection and user-level risk at the center of their defensive planning.
