1.7 Billion Passwords Leaked On Dark Web And Why Yours Is At Risk

Cybercriminals aren't conscionable going aft large targets anymore. 

They're going aft everyone, and they're doing it pinch infostealer malware. These small, sneaky programs are softly stealing passwords, browser information and login tokens from mundane devices. 

A caller study shows conscionable really retired of power nan problem has become, pinch infostealer activity jumping 500% successful conscionable 1 year, harvesting much than 1.7 cardinal caller credentials.

Join nan FREE "CyberGuy Report": Get my master tech tips, captious information alerts and exclusive deals, positive instant entree to my free "Ultimate Scam Survival Guide" erstwhile you motion up!

A hacker astatine work (Kurt "CyberGuy" Knutsson)

The industrialization of credential theft

In 2024, cybersecurity researchers astatine Fortinet observed a staggering surge successful stolen login data being traded connected nan acheronian web. Over 1.7 cardinal credentials were harvested not from aged breaches but done progressive infections connected users’ devices.

At nan bosom of this pandemic is simply a people of malware called infostealers, which are programs designed specifically to extract sensitive information for illustration usernames, passwords, browser cookies, email logins, crypto wallets and convention tokens. Unlike large-scale information breaches that target centralized databases, infostealers run connected individual machines. They don’t break into a company’s servers; they discuss nan extremity user, often without nan unfortunate ever noticing. 

These logs are past aggregated and sold by first entree brokers, intermediaries who waste compromised credentials and entree tokens to different cybercriminal groups, including ransomware operators. The marketplace has matured to nan constituent wherever entree to a firm VPN, an admin dashboard aliases moreover a individual slope relationship tin beryllium purchased astatine scale, pinch verified functionality and region-specific pricing.

Fortinet’s 2025 Global Threat Landscape Report identified a 500% summation successful credential logs from infostealer infections complete nan past year. Among nan astir wide and vulnerable infostealers identified successful nan study are RedLine, Vidar and Raccoon. 

A hacker astatine work (Kurt "CyberGuy" Knutsson)

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

How infostealers work

Infostealers are typically distributed done phishing emails, malicious browser extensions, clone package installers aliases cracked applications. Once installed connected a device, they scan browser databases, autofill records, saved passwords and section files for immoderate credential-related data. Many besides look for integer wallets, FTP credentials and unreality work logins.

Crucially, galore infostealers besides exfiltrate convention tokens and authentication cookies, meaning that moreover users who trust connected multifactor authentication are not wholly safe. With a stolen convention token, an attacker tin bypass multifactor authentication wholly and presume power of nan convention without ever needing to log successful manually.

Once collected, nan information is uploaded to a bid and power server. From there, it's either utilized straight by attackers aliases bundled into logs and sold connected forums. These logs tin see everything from nan victim’s IP reside and geolocation to their browser fingerprint and afloat credential list, giving attackers everything they request to transportation retired further exploitation aliases impersonation.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A man moving connected his individual and activity laptops (Kurt "CyberGuy" Knutsson)

HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK

5 ways to enactment safe from infostealer malware

With infostealer malware becoming a increasing threat, protecting your information requires a operation of smart information habits and reliable tools. Here are 5 effective ways to support your accusation safe.

1. Use a password manager: Many infostealers target saved passwords successful web browsers. Instead of relying connected your browser to shop credentials, usage a dedicated password manager. Our No. 1 prime has a built-in Data Breach Scanner that lets you cheque if your accusation has been exposed successful known breaches. Get much specifications astir my best expert-reviewed Password Managers of 2025 here.

2. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an other furniture of information by requiring a 2nd shape of verification, specified arsenic a codification from an authentication app aliases biometric confirmation. Cybercriminals trust connected stolen usernames and passwords to break into accounts, but pinch 2FA enabled, they cannot summation entree without nan further information step. Make judge to alteration 2FA connected important accounts for illustration email, banking and work-related logins.

3. Use beardown antivirus package and beryllium cautious pinch downloads and links: Infostealer malware often spreads done malicious downloads, phishing emails and clone websites. Avoid downloading package aliases files from untrusted sources and ever double-check links earlier clicking them. Attackers disguise malware arsenic morganatic software, crippled cheats aliases cracked applications, truthful it is champion to instrumentality to charismatic websites and app stores for downloads.

The champion measurement to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus package installed connected each your devices. This protection tin besides alert you to phishing emails and ransomware scams, keeping your individual accusation and integer assets safe. Get my picks of nan champion 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Keep package updated: Cybercriminals utilization outdated package to present malware. Keeping your operating system, browsers and information package up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever imaginable and instal reputable antivirus aliases endpoint protection package that tin observe and artifact infostealer threats earlier they discuss your system.

5. Consider a individual information removal service: These services tin thief region your individual accusation from information agent sites, reducing your consequence of personality theft, spam and targeted scams. While nary work tin guarantee nan complete removal of your information from nan internet, a information removal work is really a smart choice. They aren’t cheap, and neither is your privacy.

These services do each nan activity for you by actively monitoring and systematically erasing your individual accusation from hundreds of websites. It’s what gives maine bid of mind and has proven to beryllium nan astir effective measurement to erase your individual information from nan internet. By limiting nan accusation available, you trim nan consequence of scammers cross-referencing information from breaches pinch accusation they mightiness find connected nan acheronian web, making it harder for them to target you. Check retired my apical picks for information removal services here.

HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY

Kurt’s cardinal takeaway

The 1.7 cardinal passwords leaked successful 2024 are not a relic of past breaches. They’re grounds of an evolving, industrialized cybercrime system built connected nan backs of unsuspecting users and softly infected devices. The devices are cheap, nan standard is monolithic and nan effect is personal. If you’ve ever saved a password successful a browser, downloaded an unofficial app aliases clicked a nexus successful a sketchy email, your credentials whitethorn already beryllium successful circulation.

CLICK HERE TO GET THE FOX NEWS APP

Who do you deliberation should beryllium chiefly responsible for protecting individual and organizational information from cyber threats: individual users, companies, package providers aliases authorities agencies? Why? Let america cognize by penning america at Cyberguy.com/Contact.

For much of my tech tips and information alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a mobility aliases fto america cognize what stories you'd for illustration america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to nan most-asked CyberGuy questions:

• What is nan champion measurement to protect your Mac, Windows, iPhone and Android devices from getting hacked?
• What is nan champion measurement to enactment private, unafraid and anonymous while browsing nan web?
• How tin I get free of robocalls pinch apps and information removal services?
• How do I region my backstage information from nan internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy's exclusive coupons and deals
• Best gifts for Mom 2025

Copyright 2025 CyberGuy.com. All authorities reserved.