Surge in Cybercrime: 1.7 Billion Passwords Compromised — Are You at Risk?

Cybercriminals have broadened their scope, abandoning the pursuit of merely large-scale targets. Today, they are focusing on individual users, employing infostealer malware that silently collects passwords, browser data, and login tokens from personal devices.

A recent report has revealed alarming statistics, showing a staggering increase in infostealer activity. The last year alone saw a 500% rise, resulting in the harvesting of over 1.7 billion fresh credentials.

In 2024, cybersecurity experts from Fortinet documented an unprecedented spike in stolen login data circulating on the dark web. More than 1.7 billion credentials were not just rehashed from previous breaches but were collected through actual infections on users’ devices.

The Rising Threat of Infostealer Malware

Infostealers are sophisticated pieces of malware explicitly crafted to capture sensitive information such as usernames, passwords, browser cookies, email logins, cryptocurrency wallets, and session tokens. Unlike traditional data breaches that compromise centralized databases, infostealers operate by infiltrating individual machines. They exploit vulnerabilities on personal devices without the victims even realizing they have been compromised.

The compromised data is then aggregated and sold by initial access brokers, who act as middlemen, facilitating transactions between cybercriminals. This market has evolved, allowing traffickers to sell access to corporate VPNs, admin dashboards, and even personal bank accounts, complete with verified functionality and localized pricing.

A Glimpse into the Infostealer Economy

The 2025 Global Threat Landscape Report by Fortinet indicates a 500% rise in credential logs sourced from infostealer infections within just one year. The report highlights several prevalent and dangerous infostealers, including RedLine, Vidar, and Raccoon.

Infostealer malware typically spreads through various channels, including phishing emails, malicious browser extensions, fake software installations, and cracked applications. Upon installation, these programs conduct extensive scans of browsers for saved credentials, autofill records, and local files.

Moreover, many infostealers capture session tokens and authentication cookies, which can pose a substantial risk. Even users relying on multifactor authentication find themselves vulnerable; an attacker with a stolen session token can bypass the security protocols entirely, seizing control of active sessions without needing manual login.

How Infostealers Operate

Once data is collected, it is uploaded to a command and control server. Attackers can either use this information directly or package it into logs for sale on illicit forums. These logs often contain detailed information about the victim, including IP addresses, geolocation, browser fingerprints, and comprehensive credential lists, which provide cybercriminals with all they need for further exploitation.

Protecting Yourself in the Digital Age

As infostealer malware becomes an ever-growing threat, safeguarding personal data is more crucial than ever. Here are five effective strategies to enhance your security:

1. Utilize a Password Manager

Many infostealers primarily target saved passwords in browsers. Instead of relying on browsers for password management, opt for a dedicated password manager. Many popular choices come equipped with a built-in Data Breach Scanner, allowing you to monitor if your information has been compromised in known breaches.

2. Enable Two-Factor Authentication

Two-factor authentication offers an additional security layer even if your login credentials are breached. This process requires a second form of verification, such as an authentication app or biometric confirmation. Cybercriminals may exploit stolen usernames and passwords, but they cannot access accounts with 2FA in place.

3. Invest in Strong Antivirus Software

Infostealer malware often propagates through malicious downloads, phishing emails, and phishing websites. To avoid falling victim, refrain from downloading software from untrusted sources and scrutinize links before clicking. Robust antivirus software is essential for detecting and blocking these threats. It can also alert you to phishing attempts, safeguarding your personal information.

4. Keep Software Up to Date

Cybercriminals exploit outdated software to deploy malware. Regular updates to operating systems, browsers, and antivirus programs protect against known vulnerabilities, thereby preventing potential breaches. Enable automatic updates whenever possible for enhanced security.

5. Consider Data Removal Services

To mitigate your risk of identity theft and targeted scams, data removal services can help erase your personal information from data broker sites. Although these services may not guarantee complete data removal from the internet, they are a worthwhile investment for privacy. They actively monitor and systematically remove your personal information from various platforms.

The New Reality of Cybersecurity

The staggering figure of 1.7 billion passwords compromised in 2024 reflects not a distant memory of past breaches but the ongoing evolution of a sophisticated cybercrime ecosystem. This scenario instills a sense of urgency among users to reevaluate their cybersecurity practices. The tools available to cybercriminals are affordable, the scale of operations is vast, and the impact on individuals can be personal and devastating.

If you have ever saved a password in a browser, downloaded unofficial software, or clicked on questionable links, your credentials may already be in circulation within the dark web.

The responsibility for safeguarding personal and organizational data lies with everyone, from individual users to companies and software providers. The question remains: who should bear the primary responsibility in this shared cybersecurity landscape?

For ongoing tech tips and security alerts, consider subscribing to informed sources that keep you updated on emerging threats and protective measures.