1.7 Billion Passwords Leaked on Dark Web: Why Yours is at Risk

The dark web has become a haven for cybercriminals looking to exploit unsuspecting users' sensitive information. A recent report by Fortinet reveals that over 1.7 billion fresh credentials have been harvested from infostealer infections, marking a significant increase in the number of stolen login data being traded on the dark web.

Infostealer malware is a class of programs designed to extract sensitive information like usernames, passwords, browser cookies, email logins, crypto wallets, and session tokens. Unlike large-scale data breaches that target centralized databases, infostealers operate on individual machines, compromising the end user without their knowledge.

The Rise of Infostealer Malware

Fortinet's 2025 Global Threat Landscape Report identified a 500% increase in credential logs from infostealer infections over the past year. Among the most widespread and dangerous infostealers identified in the report are RedLine, Vidar, and Raccoon.

Infostealer malware typically spreads through phishing emails, malicious browser extensions, fake software installers, or cracked applications. Once installed on a device, they scan browser databases, autofill records, saved passwords, and local files for any credential-related data.

Many infostealers also exfiltrate session tokens and authentication credentials, making it easy for hackers to gain unauthorized access to sensitive information. Cybercriminals can use this stolen data to conduct phishing attacks, identity theft, and targeted scams.

To avoid falling victim to infostealer malware, follow these tips:

• Keep software updated: Regularly update your operating system, browsers, and security software to patch known vulnerabilities.
• Use strong passwords: Use unique and complex passwords for all accounts, and consider using a password manager to generate and store them.
• Be cautious of links and attachments: Avoid clicking on suspicious links or opening attachments from unknown senders.
• Use antivirus software: Install reputable antivirus software that can detect and block infostealer threats before they compromise your system.
• Consider a personal data removal service: These services can help remove your personal information from data broker sites, reducing your risk of identity theft and targeted scams.

The tools used by cybercriminals to steal sensitive information are becoming increasingly cheap and accessible. The scale of the problem is massive, with over 1.7 billion passwords leaked in just one year. If you've ever saved a password in a browser or downloaded an unofficial app, your credentials may already be in circulation.

Should individual users, companies, software providers, or government agencies be primarily responsible for protecting personal and organizational data from cyber threats? The answer is complex and depends on various factors. However, it's clear that a collective effort is needed to address this growing concern.

Stay up-to-date with the latest cybersecurity news and tips by subscribing to my free CyberGuy Report Newsletter. Follow me on social channels for exclusive content and expert advice on staying safe online.