
Billions of Passwords Leaked: Experts Warn of Rising Infostealer Malware Threat

by Lucas Knight - 1 month ago

Hackers have reportedly leaked a jaw-dropping 16 billion login credentials, covering everything from Apple and Facebook to online banking and shopping accounts. Cybersecurity experts are calling this wave of breaches a “cyber plague,” blaming the explosion on infostealer malware—sneaky programs that silently grab usernames, passwords, and other sensitive info right from people’s devices.

What Happened?

Cybersecurity researchers at Cybernews uncovered a mountain of data: 30 separate datasets, each packed with tens of millions to over 3.5 billion usernames and passwords. These aren’t just leftovers from ancient breaches. A significant chunk of this data is fresh, scooped up in recent months by infostealer malware lurking on unsuspecting devices. The credentials cover just about every major platform—Apple, Google, Facebook, GitHub, Telegram, and even government sites are all in the mix.

How Did This Happen?

Infostealer malware is the digital world’s pickpocket. It sneaks onto your device through phishing emails, shady downloads, or compromised websites. Once inside, it quietly grabs your usernames, passwords, session tokens, and cookies. A stolen session token or cookie can let an attacker reuse a session that has already passed login, which is how this data is sometimes enough to bypass two-factor authentication. The stolen info is bundled up and sold on dark web forums, fueling everything from phishing scams to ransomware and account takeovers.

Who’s at Risk?

Short answer: everyone. No tech giant was directly breached—this leak is a patchwork of stolen credentials from countless sources and malware campaigns over time. The result? Criminals now have a playbook for mass exploitation, with billions of ways to try their luck at breaking into your accounts.

Is It All New?

Not entirely. Some experts point out that there are lots of duplicates and some recycled data from past leaks. But the inclusion of new, recently stolen credentials and session tokens makes this trove especially dangerous, and it’s impossible to say exactly how many unique people are affected.

What Should You Do Now?

  • Change your passwords—especially if you reuse them across sites.
  • Switch to passkeys or passwordless logins where possible; Google is pushing for this as a safer alternative.
  • Turn on two-factor authentication for every account that offers it.
  • Be hyper-aware of phishing attempts—don’t click suspicious links in emails or texts.
  • Check if your info has been compromised using tools like 'Have I Been Pwned?'.
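
For passwords specifically, Have I Been Pwned offers a range lookup (Pwned Passwords) in which only the first five characters of the password's SHA-1 hash leave your device and the match is done locally. The sketch below is an added example, not code from this article or from the service: fake_range_server and CONSTRUCTED_CORPUS are constructed stand-ins so it runs offline, where a live client would request https://api.pwnedpasswords.com/range/<prefix> instead.

```python
import hashlib

# Constructed breach corpus standing in for the service's data: password -> times seen.
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 250, "qwerty123": 75}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form used in range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_server(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    The server side only ever receives the 5-character hash prefix and
    answers with every known suffix under it as "SUFFIX:COUNT" lines.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    lines = []
    for known_password, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(known_password)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    # Constructed padding entry with count 0, as seen in padded responses.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_server) -> int:
    """Return how often the password appears in the corpus; 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only `prefix` is sent; the full hash and the password stay local.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "seen", breach_count(pw), "times in the constructed corpus")
```

Any non-zero count means the password has appeared in breach data and should be replaced everywhere it is used.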

This isn’t just another breach headline. It’s a wake-up call for anyone with an online presence. The digital locks we trust are only as strong as our habits—now’s the time to change them.