According to Simon Green, president of Asia-Pacific and Japan at Palo Alto Networks, the sheer scale of the 16 billion exposed credentials is alarming and certainly notable, but not entirely surprising for those on the front lines of cybersecurity.
“Many modern infostealers are designed with advanced evasion techniques, allowing them to bypass traditional, signature-based security controls, making them harder to detect and stop,” he added.
Consequently, there’s been an uptick in high-profile infostealer attacks. For example, in March, Microsoft Threat Intelligence disclosed a malicious campaign using infostealers that had affected nearly 1 million devices globally.
Infostealers typically gain access to victims’ devices by tricking the victims into downloading the malware, which can be hidden in everything from phishing emails to phony websites to search engine ads.
The motive behind infostealer attacks is usually financial, with attackers often looking to directly take over bank accounts, credit cards, and cryptocurrency wallets or commit identity fraud.
Cybercriminals can use stolen credentials and other personal data for purposes such as crafting highly convincing, personalized phishing attacks and blackmailing individuals or organizations.
According to Palo Alto’s Green, the scale and dangers of those types of infostealers have intensified, thanks to the growing prevalence of underground markets that offer “cybercrime-as-a-Service,” in which vendors charge customers for malicious tools, sensitive data and other illicit online services.
“Cybercrime-as-a-Service is the critical enabler here. It has fundamentally democratized cybercrime,” Green said.
Those underground markets — often hosted on the dark web — create demand for cybercriminals to steal personal information and then sell that to scammers.
In that way, data breaches become about more than just the individual accounts — they represent a “vast, interconnected web of compromised identities” that can fuel subsequent attacks, Green said.
According to Diachenko, it’s likely that at least some of the compromised login datasets he identified had been or will be traded to online scammers.
On top of that, malware kits and other resources that can help to facilitate infostealer attacks can be found on those markets.
CNBC has reported on how the availability of those tools and services has significantly lowered technical barriers for aspiring criminals, allowing sophisticated attacks to be executed at a massive, global scale.
The report found that infostealer attacks grew by 58% in 2024.