A Substantial Trove

A recent report from Cybernews highlighted the discovery of 30 datasets containing approximately 16 billion login credentials from major tech platforms including Apple, Google, and Facebook. Over the course of this year, these datasets were identified by Volodymyr Diachenko, co-founder of Security Discovery. The findings suggested that multiple parties may have been involved in using infostealer malware to extract sensitive data.

While a breach of such magnitude could rank among the largest ever recorded, doubts soon arose regarding the authenticity of Diachenko’s claims. BleepingComputer reported that the incident was not a new data breach but rather a compilation of previously leaked credentials obtained by infostealers. CyberScoop confirmed this assertion, stating that a Google representative informed them that these stolen data had likely been circulating for some time before being collected and repackaged.

A Substantial Trove

Even if the data is predominantly old, this trove of personal information serves as a stark reminder of the threats posed by infostealers. Last year’s infostealer-driven breach at cloud storage company Snowflake led to data being stolen from more than 150 companies and over $2 million extorted from victims.

Moreover, there has been an uptick in infostealer attacks. Approximately three-quarters of the 3.2 billion credentials stolen last year were obtained through infostealer malware. Modern infostealers come equipped with sophisticated evasion techniques, making them harder to detect.

A Constant Barrage

While there is no dispute that infostealers pose a genuine threat, critics of the Cybernews report argue that exaggerating claims about data breaches could have negative consequences. The constant stream of news about leaks and breaches has made many consumers believe their information may already be compromised, leading them to feel powerless.

However, reporting any compromise remains one of the most effective ways to combat fraud. For financial institutions, which are increasingly targeted by infostealers, sharing accurate data on threats is crucial for countering bad actors.