A recent report by Cybernews highlighted the discovery of 30 datasets containing 16 billion login credentials from major tech platforms, including Apple, Google, and Facebook.
These datasets were identified throughout this year by Volodymyr Diachenko, co-founder of the cybersecurity consultancy Security Discovery. They were thought to be the work of multiple parties using infostealer malware, which extracts sensitive, and often financial, data from infected devices.
Such a data breach would rank among the largest in history. Yet, questions soon arose regarding the accuracy of Diachenko’s findings. BleepingComputer reported that the incident was not an actual new data breach but rather a compilation of previously leaked credentials stolen by infostealers.
Cyberscoop corroborated this assertion, stating that a Google representative informed them that the credentials were not obtained through a new breach. Instead, the stolen information had likely been in circulation for some time before being collected and repackaged.
A Substantial Trove
Even if much of this data is outdated, it serves as a testament to the threat posed by infostealers. The previous year’s infostealer-driven breach at cloud storage company Snowflake resulted in data being stolen from more than 150 companies and over $2 million extorted from victims.
There has also been an uptick in infostealer attacks. Roughly three-quarters of the 3.2 billion credentials stolen last year were obtained through infostealer malware, and modern infostealers are equipped with increasingly sophisticated evasion techniques, making them harder to detect.
A Constant Barrage
While there is no doubt that infostealers pose a legitimate threat, critics of the Cybernews report argue that inflating claims about data breaches could have harmful effects.
The constant stream of news about leaks and breaches has made many consumers believe their information has already been compromised and that they can do little about it. However, reporting any compromise remains one of the most important ways to combat fraud, especially for financial institutions that are increasingly targeted by infostealers. Sharing accurate data on threats is a key strategy in defeating bad actors.