Infostealers Surge as Data Breaches Decline, Exposing Far More Credentials
A shift in cybercriminal tactics is reshaping the threat landscape, with infostealers malware designed to silently harvest sensitive data from infected devices now outpacing traditional data breaches in scale. While compromised databases dropped by 36% between 2024 and 2025 (from 4,804 to 3,069), infostealer activity surged by 35%, with logs increasing from 19.5 million to over 26 million in the same period.
The disparity in stolen credentials is stark: in 2025, breaches exposed 34 million passwords, while infostealers harvested 624 million an 18-fold difference. For email addresses, breaches leaked 542 million compared to infostealers’ 380 million, though the gap has narrowed in recent years.
Infostealers typically spread through pirated software, malicious downloads, and phishing emails, operating undetected to extract saved passwords, browser cookies, autofill data, and session tokens. Unlike high-profile breaches, these attacks are less visible but equally damaging to individuals, as a single infection can compromise a victim’s entire digital footprint.
The findings, from research by NordVPN and NordStellar, highlight how cybercriminals are prioritizing stealth and efficiency over large-scale breaches, making infostealers a growing risk for both personal and corporate security.
Nord Security cybersecurity rating report: https://www.rankiteo.com/company/nordsecurity
"id": "NOR1773973666",
"linkid": "nordsecurity",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'type': 'Individuals and Corporations'}],
'attack_vector': ['pirated software',
'malicious downloads',
'phishing emails'],
'data_breach': {'number_of_records_exposed': '624 million passwords, 380 '
'million email addresses',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['passwords',
'email addresses',
'browser cookies',
'autofill data',
'session tokens']},
'description': 'A shift in cybercriminal tactics is reshaping the threat '
'landscape, with infostealers malware designed to silently '
'harvest sensitive data from infected devices now outpacing '
'traditional data breaches in scale. Infostealers typically '
'spread through pirated software, malicious downloads, and '
'phishing emails, operating undetected to extract saved '
'passwords, browser cookies, autofill data, and session '
'tokens. Unlike high-profile breaches, these attacks are less '
'visible but equally damaging to individuals, as a single '
'infection can compromise a victim’s entire digital footprint.',
'impact': {'data_compromised': '624 million passwords, 380 million email '
'addresses, browser cookies, autofill data, '
'session tokens',
'identity_theft_risk': 'High'},
'lessons_learned': 'Cybercriminals are prioritizing stealth and efficiency '
'over large-scale breaches, making infostealers a growing '
'risk for both personal and corporate security.',
'motivation': 'Data harvesting for financial gain',
'post_incident_analysis': {'root_causes': 'Shift in cybercriminal tactics '
'toward stealthy data harvesting '
'via infostealers'},
'references': [{'source': 'NordVPN and NordStellar Research'}],
'title': 'Infostealers Surge as Data Breaches Decline, Exposing Far More '
'Credentials',
'type': 'Infostealer Malware'}