Cybersecurity experts are sounding the alarm after a staggering 184 million login credentials were found exposed online in a recently discovered breach. The leaked data includes usernames, passwords, and login links for major platforms such as Google, Facebook, Microsoft, Roblox, Instagram, Snapchat, and even banking, health, and government accounts. Researcher Jeremiah Fowler, who uncovered the breach, says the data appears to have been harvested by a type of malware known as an infostealer.
Infostealers are among the most dangerous malware threats in circulation today. According to IBM’s 2025 X-Force Threat Intelligence report, there has been an 84% surge in infostealer incidents in 2024. These stealthy programs are designed to quietly infiltrate a user’s device, remain undetected, and siphon off valuable data—including login credentials, credit card numbers, email contents, chat messages, and even cryptocurrency wallet keys.
Kevin Albano, Global Head of X-Force Threat Intelligence at IBM, explains that infostealers not only steal sensitive personal information but also evade standard security measures, making them especially hard to detect. These malicious programs send stolen data back to command-and-control servers controlled by cybercriminals, often before the user even suspects an infection.
Infostealers can capture nearly everything: passwords, screenshots of banking sessions, social security numbers, browsing cookies, form inputs, clipboard contents, and scanned documents like tax returns or passports. Most also include keyloggers, which record every keystroke a person makes—including those typed into login pages or payment forms.
Cybercriminals use a range of tactics to spread these threats. Traditional phishing emails still work, often carrying infected PDFs or links. But now, platforms like WhatsApp and other social messaging apps are also being used to deliver malware like the Coyote Banking Trojan. Malvertising and SEO poisoning, where harmful sites are pushed to the top of search engine results, are becoming more common. Victims are often lured by fake offers for free software or games and unknowingly download malware. Newer techniques, like “ClickFix,” trick users into pasting malicious codes into their browsers from hacked websites posing as legitimate security checks.
Jérôme Segura, a senior researcher at Malwarebytes, warns that infostealers are becoming harder to avoid. Unlike many malware types, they can infect both Windows and Mac systems and are often used to open the door to larger, coordinated attacks on corporate networks.
To protect against these threats, experts recommend a layered approach to cybersecurity. Keep your operating system and software up to date, avoid downloading files or clicking links from unknown sources, and only install apps from official stores. Use multifactor authentication (MFA) to add an extra layer of security to your accounts, and rely on password managers instead of storing login credentials in your browser. According to Segura, these basic steps can significantly reduce the risk of infection.
As the scale and sophistication of infostealer attacks increase, practicing strong cyber hygiene is now more important than ever. A few smart precautions today could save you from devastating data loss or financial fraud tomorrow.