Digital identity theft is becoming more complicated

Digital identity is becoming a common target for cybercriminals who are hacking their way into organizations or leaking identity credentials for financial gain. But the story is not that simple: When it comes to securing digital identity, organizations are faced with many questions, including what makes a security threat and whether non-human identities, such as AI agents, deserve the same concern.
As of July, there has been an increase of more than 160 percent in leaked credentials compared to 2024, data from cybersecurity company Cyberint shows. The increase could be due to several factors, including the rising use of AI, more sophisticated phishing and malware.
The company also says that it takes 94 days on average for businesses to revoke or disable affected accounts.
“This suggests that businesses struggle to identify leaked login information quickly, giving threat actors plenty of time to take advantage of it,” Cyberint says in a report.
Brazil and India have especially high rates of credential theft, while credential leakage for U.S.-based users has declined significantly since 2024.
Organizations face several dangers when credentials are stolen, including account takeovers, which allow threat actors to gain unauthorized access and conduct phishing and financial scams. Attackers also use credentials to break into other accounts.
Cybersecurity companies point out that organizations should implement measures to protect digital identities, including the usual suspects such as single sign-on (SSO) and multifactor authentication (MFA). But new research also suggests that identity attacks are not always so easy to recognize.
When an identity threat is not really a threat
Cybersecurity company Red Canary, for instance, recorded a “dramatic rise” in identity threats this year. This firm had almost 500 percent more detections related to cloud accounts during the first six months of 2025 compared to the entirety of 2024.
But the spike is not only the result of adversaries increasingly targeting identities. The detections are mostly related to suspicious logins, which are now being recorded more frequently because of the introduction of new detection tools, including AI agents, according to the company’s 2025 Mid-Year Threat Report.
“Some of this increase is being driven by new methods for detecting logins emanating from unusual IP spaces, locations, or suspicious virtual private networks (VPNs),” says the report. “Some of these logins are obviously suspect, while others are kind of ambiguous.”
Suspicious logins, however, still represent a risk to organizations, which are now faced with a choice on whether to investigate or not, Red Canary notes.
Meanwhile, protecting only human identity may no longer be enough.
Expanding digital identity protection to non-humans
In a recent interview discussing the security of Australian public agencies, cybersecurity expert Derek Moir warned that too many agencies are treating identity as something that applies only to humans. In order to prevent systemic breaches, agencies adopting cloud solutions and software-as-a-service platforms must secure both machine and human identities, the CyberArk Head of Public Sector said last week during an InnovationAus podcast.
“AI agents, chatbots, containers, IoT sensors – all of these have credentials, permissions, and access rights,” says Moir. “And yet, 62 per cent of organisations don’t even consider them as identities. That creates a huge, unprotected surface.”
As an identity security company, CyberArk has detected a 1,600 percent increase in machine identity-related attacks. At the same time, 62 percent of agencies or organizations do not see machines as identities, he adds.
This is especially relevant for public agencies, as hackers can get access to payments. Many agencies, however, have separated identity management from cybersecurity.
And while digital identity theft is rising, criminals are also busy stealing our non-digital identities.
UK sees 118K cases of identity fraud in 6 months
The first six months of 2025 saw more than 118,000 cases of identity fraud reported to the National Fraud Database (NFD), operated by UK-based Cifas. Although this represents a seven percent year-on-year decrease, the anti-fraud association says that identity fraud still accounts for the majority of cases recorded in the database.
The majority of identity fraud was recorded in the bank account and plastic card sectors (63 percent of all cases), according to Cifas’ latest Fraudscape report.
Identity fraud in the public sector surged by 88 percent, with criminals particularly targeting driving license applications by exploiting victims’ former addresses. The insurance industry experienced a 25 percent increase in fraudulent activity, primarily through deceptive applications and identity theft schemes targeting motor insurance policies.
Meanwhile, gambling platforms faced the most dramatic spike, with identity fraud climbing 109 percent as criminals took advantage of weak customer verification processes, including the abuse of deceased persons’ identities during account registration.
The report shows that mobile account takeovers are replacing impersonation as the most popular fraud tactic. Cifas also warns of a worrying trend of individuals selling their own identities in exchange for money.
Overall, the association’s members reported over 217,000 fraud risk cases from January to June this year, a rise of only one percent but a record number for a six-month period. The trend was driven by economic pressures, normalization of first-party fraud, risky consumer behavior and the use of AI tools, Cifas notes.