In the first half of 2025, approximately 1.2 million alerts were issued concerning the exposure of personal data online, highlighting the growing prevalence of this issue and the challenges users face in protecting themselves against attacks such as phishing¹, smishing², vishing³, spear phishing⁴, and infostealers⁵, which can compromise devices without the victim noticing.
Most alerts were related to the dark web, totaling 1.15 million, confirming that the dark web continues to be the primary channel for data exposure. However, the increase in public web alerts is concerning, reaching 33,700 alerts—a 43% rise compared to the second half of 2024.
More specifically, the most commonly detected information on the open web included e-mail addresses, tax codes, and phone numbers. Although the regulatory framework for privacy has been strengthened to protect users, some personal data remains exposed on the public web. At the same time, the increasing threats on the dark web demand even more rigorous and informed protection of digital information.
These are some of the findings from the CRIF Cyber Observatory, which examines the vulnerability of users and companies to cyber-attacks. It highlights the key trends regarding data shared on both the dark web and the open web.
Italy is certainly not immune to threats from cybercriminals, ranking 6th in the world for compromised e-mail addresses circulating on the dark web. In addition, Italy ranks 22nd in the world for the number of credit card details in circulation and is 16th in Europe for phone numbers, which are crucial in many online scams, including smishing.
According to the Cyber Observatory, cyber-attacks are becoming increasingly sophisticated, and new scams are emerging that exploit users’ digital habits to target them even more effectively. One of the most deceptive scams is the fake QR code, which is often placed on parking meters or in other public areas. Once scanned, it redirects users to malicious sites that mimic official ones in order to steal personal information or make fraudulent payments.
Likejacking is also common, taking place through social media and messaging apps, where it promises easy money in exchange for online interactions. To protect yourself, it's important to verify the authenticity of websites, avoid suspicious QR codes, and regularly monitor your banking transactions.
“Data from the first half of 2025 shows a troubling shift in digital threats: Attacks are becoming more sophisticated and are leveraging AI-based tools to launch targeted, credible campaigns. Criminals are using techniques such as deepfakes, vishing, and AI-generated malware to create hyper-realistic content and personalized lures that are hard to detect and counter. This makes the adoption of advanced security tools and the constant monitoring of personal data on the dark web even more urgent”, commented Beatrice Rubini, Executive Director of CRIF’s Mister Credit line. She continues, “A real-life example is the recent attack on several Italian hotels, where the identity documents of guests were stolen and sold on dark web forums. This information could be used for targeted fraud and identity theft, resulting in serious consequences for victims. Cases like this show how important it is to strengthen security in the most exposed sectors and to raise users’ awareness of the risks.”
Personal data serves as a gateway to digital identities; once compromised, it can be exploited for a wide range of attacks.
Analyzing the main combinations of exposed data, it can be seen that, in the first half of 2025, the combination of e-mail address and password was the most frequent, occurring in 91.7% of cases, with the password-username combination occurring in 84.9% of cases.
Source: CRIF Cyber Observatory
Overall, 36.4% of users received at least one alert in the first half of 2025, 86.7% of which referred to data detected on the dark web, while only 13.5% related to data on the open web.
“In a world where AI has become a powerful weapon in the hands of cybercriminals, digital education remains a strategic prevention tool…” concluded Beatrice Rubini.
1 Phishing: Cyber fraud aimed at stealing personal information through deceptive e-mails.
2 Smishing: Cyber fraud through SMS or messaging apps such as WhatsApp.
3 Vishing (voice phishing): A cyber scam that uses phone calls or voice messages to steal personal data.
4 Spear phishing: A cyber scam that uses personalized messages to steal information from targeted victims.
5 Infostealer: Malware designed to automatically steal confidential information from infected devices.