Infostealer attacks have compromised 2.1 billion credentials

Infostealer attacks are a major threat to online security, with new reports revealing alarming statistics. In 2024, about 3.2 billion user credentials were stolen, and a staggering 2.1 billion of those were linked to infostealer malware. This type of malware accounts for 75% of all credential theft. The data comes from Flashpoint, a threat intelligence firm. They noted a 33% increase in stolen passwords compared to the previous year. The rise of infostealer attacks is concerning because these stolen credentials are frequently traded on dark web marketplaces and are used in various cybercrimes. In addition to the credential theft, the report highlighted that security vulnerabilities have also grown by 12%. Even more worrying, 39% of these vulnerabilities have known exploits. Ransomware attacks have seen a 10% increase, and data breaches across all sectors are up by 6%. Flashpoint also reported that over 200 million credentials had already been stolen in 2025. Infostealer malware is becoming more common, as it is easy to use and costs little for attackers. The most used infostealer variants include Redline, RisePro, SteaC, Lumma Stealer, and Meta Stealer. To protect against these threats, it is crucial to be cautious about online searches. Attackers often use popular keywords like "free" or "download" to lure victims. The usual advice remains relevant: enable two-factor authentication whenever possible and consider email filtering solutions. A strong password alone is not enough to safeguard against infostealer malware.