1.7 billion passwords leaked on dark web and why yours is at risk

Cybercriminals aren't conscionable going aft large targets anymore. 

They're going aft everyone, and they're doing it with infostealer malware. These small, sneaky programs are softly stealing passwords, browser information and login tokens from mundane devices. 

A caller study shows conscionable however retired of power the occupation has become, with infostealer enactment jumping 500% successful conscionable 1 year, harvesting much than 1.7 cardinal caller credentials.

Join the FREE "CyberGuy Report": Get my adept tech tips, captious information alerts and exclusive deals, positive instant entree to my free "Ultimate Scam Survival Guide" erstwhile you motion up!

A hacker astatine work (Kurt "CyberGuy" Knutsson)

The industrialization of credential theft

In 2024, cybersecurity researchers astatine Fortinet observed a staggering surge successful stolen login information being traded connected the acheronian web. Over 1.7 cardinal credentials were harvested not from aged breaches but done progressive infections connected users’ devices.

At the bosom of this epidemic is simply a people of malware called infostealers, which are programs designed specifically to extract delicate accusation similar usernames, passwords, browser cookies, email logins, crypto wallets and league tokens. Unlike large-scale information breaches that people centralized databases, infostealers run connected idiosyncratic machines. They don’t interruption into a company’s servers; they compromise the extremity user, often without the unfortunate ever noticing. 

These logs are past aggregated and sold by archetypal entree brokers, intermediaries who merchantability compromised credentials and entree tokens to different cybercriminal groups, including ransomware operators. The marketplace has matured to the constituent wherever entree to a firm VPN, an admin dashboard oregon adjacent a idiosyncratic slope relationship tin beryllium purchased astatine scale, with verified functionality and region-specific pricing.

Fortinet’s 2025 Global Threat Landscape Report identified a 500% summation successful credential logs from infostealer infections implicit the past year. Among the astir wide and unsafe infostealers identified successful the study are RedLine, Vidar and Raccoon. 

A hacker astatine work (Kurt "CyberGuy" Knutsson)

200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH

How infostealers work

Infostealers are typically distributed done phishing emails, malicious browser extensions, fake bundle installers oregon cracked applications. Once installed connected a device, they scan browser databases, autofill records, saved passwords and section files for immoderate credential-related data. Many besides look for integer wallets, FTP credentials and unreality work logins.

Crucially, galore infostealers besides exfiltrate league tokens and authentication cookies, meaning that adjacent users who trust connected multifactor authentication are not wholly safe. With a stolen league token, an attacker tin bypass multifactor authentication wholly and presume power of the league without ever needing to log successful manually.

Once collected, the information is uploaded to a bid and power server. From there, it's either utilized straight by attackers oregon bundled into logs and sold connected forums. These logs tin see everything from the victim’s IP code and geolocation to their browser fingerprint and afloat credential list, giving attackers everything they request to transportation retired further exploitation oregon impersonation.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A antheral moving connected his idiosyncratic and enactment laptops (Kurt "CyberGuy" Knutsson)

HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK

5 ways to enactment harmless from infostealer malware

With infostealer malware becoming a increasing threat, protecting your information requires a premix of astute information habits and reliable tools. Here are 5 effectual ways to support your accusation safe.

1. Use a password manager: Many infostealers people saved passwords successful web browsers. Instead of relying connected your browser to store credentials, usage a dedicated password manager. Our No. 1 prime has a built-in Data Breach Scanner that lets you cheque if your accusation has been exposed successful known breaches. Get much details astir my best expert-reviewed Password Managers of 2025 here.

2. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an other furniture of information by requiring a 2nd signifier of verification, specified arsenic a codification from an authentication app oregon biometric confirmation. Cybercriminals trust connected stolen usernames and passwords to interruption into accounts, but with 2FA enabled, they cannot summation entree without the further information step. Make definite to alteration 2FA connected important accounts similar email, banking and work-related logins.

3. Use beardown antivirus bundle and beryllium cautious with downloads and links: Infostealer malware often spreads done malicious downloads, phishing emails and fake websites. Avoid downloading bundle oregon files from untrusted sources and ever double-check links earlier clicking them. Attackers disguise malware arsenic morganatic software, crippled cheats oregon cracked applications, truthful it is champion to instrumentality to authoritative websites and app stores for downloads.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe. Get my picks of the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Keep bundle updated: Cybercriminals exploit outdated bundle to present malware. Keeping your operating system, browsers and information bundle up to day ensures that known vulnerabilities are patched. Enable automatic updates whenever imaginable and instal reputable antivirus oregon endpoint extortion bundle that tin observe and artifact infostealer threats earlier they compromise your system.

5. Consider a idiosyncratic information removal service: These services tin assistance region your idiosyncratic accusation from information broker sites, reducing your hazard of individuality theft, spam and targeted scams. While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren’t cheap, and neither is your privacy.

These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It’s what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you. Check retired my apical picks for information removal services here.

HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY

Kurt’s cardinal takeaway

The 1.7 cardinal passwords leaked successful 2024 are not a relic of past breaches. They’re grounds of an evolving, industrialized cybercrime system built connected the backs of unsuspecting users and softly infected devices. The tools are cheap, the standard is monolithic and the interaction is personal. If you’ve ever saved a password successful a browser, downloaded an unofficial app oregon clicked a nexus successful a sketchy email, your credentials whitethorn already beryllium successful circulation.

CLICK HERE TO GET THE FOX NEWS APP

Who bash you deliberation should beryllium chiefly liable for protecting idiosyncratic and organizational information from cyber threats: idiosyncratic users, companies, bundle providers oregon authorities agencies? Why? Let america cognize by penning america at Cyberguy.com/Contact.

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy's exclusive coupons and deals
• Best gifts for Mom 2025

Copyright 2025 CyberGuy.com. All rights reserved.