AUSTIN, Texas, Mar. 19, 2026, CyberNewswire—SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the … (more…) The post News alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacks first appeared on The Last Watchdog.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

SpyCloud's 2026 Identity Exposure Report reveals a sharp rise in non-human identity (NHI) attacks, with 18.1 million exposed API keys and tokens recaptured in 2025. Attackers are increasingly targeting session cookies, authentication tokens, and machine credentials rather than just usernames and passwords. Key findings include 8.6 billion stolen cookies and session artifacts, a 400% YoY surge in phishing, 642.4 million credentials from 13.2 million infostealer infections, and 1.1 million password manager master passwords circulating in underground sources. The report warns that NHIs often lack MFA enforcement and rotate infrequently, making them high-value targets with broad access to cloud and enterprise systems.