Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches

Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches

This year’s Verizon 2025 Data Breach Investigations Report highlights the surge in breaches due to increasing third-party exposure and machine credential abuse, which have doubled in impact. Organizations are urged to adopt an integrated identity governance strategy that encompasses all identities—human, non-employee, and machine. The report emphasizes that fragmented identity governance poses significant risks, necessitating a comprehensive approach to security.

Keypoints :

  • Third-party involvement in data breaches increased from 15% to 30% year-over-year, indicating rising risks.
  • Machine credential abuse has become a primary method for attackers, exploiting ungoverned machine accounts to gain unauthorized access.
  • Organizations must extend identity governance to non-employees, ensuring timely deactivation and visibility for all users.
  • Many breaches arose from poor lifecycle management of third-party identities, emphasizing the need for robust oversight.
  • Machine identities, including bots and service accounts, are growing rapidly without adequate management, heightening security vulnerabilities.
  • Fragmented identity governance can lead to significant security gaps, leaving organizations exposed to attacks.
  • A unified security strategy for all identities—human, non-employee, and machine—is essential to bolster defenses against modern threats.
  • SailPoint offers solutions for comprehensive identity security across diverse environments, ensuring every identity is effectively governed.
  • The organization encourages exploring the evolution of machine identities and the limitations of traditional security models.

Read More: https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html