Data breaches have long been the most visible measure of cybercrime. But while breach numbers appear to be trending in the right direction, a quieter and far more personal threat has been growing in the background, showed new findings from cybersecurity company NordVPN. Infostealers are a type of malware that silently harvests everything stored on a victim’s device. And according to NordVPN, as the number of compromised databases dropped by 36 percent between 2024 and 2025, infostealer logs jumped in the same period by 35 percent, from 19.5 million to more than 26 million. “Data breaches going down might sound like progress, but it really means criminals have found a more efficient way in,” said Mantas Sabeckis, senior threat intelligence researcher at Nord Security. “A single infostealer infection can silently grab saved passwords, cookies, autofill data and even session tokens. It’s less dramatic than a breach, but for the individual, the damage can be just as severe.” In 2025, compromised databases leaked nearly 34 million passwords. Infostealers harvested 624 million. That’s more than 18 times as many. For email addresses, breaches exposed 542 million while infostealers captured 380 million, and the gap is closing in the past few years. “When a company gets breached, they notify users, reset passwords and contain the damage,” added Marijus Briedis, chief technology officer at NordVPN. “With infostealers, nobody sends you a warning. Your credentials end up on the dark web, and you only find out when your accounts are already compromised. Companies still lose data in breaches, but now criminals don’t even need to wait for that. They can take it straight from your device.” Infostealers are most commonly spread through pirated software, fake downloads and phishing emails. Once installed, they run silently in the background. The users affected most by infostealers are usually the ones whose devices contain a dense mix of saved passwords, synced logins and open tabs with active sessions. “Across a large number of cases, the same types of users keep showing up, shaped by what they do online and which tools they use,” said NordVPN executives. That includes the “always-logged-in” profile, meaning mostly Windows users who stay signed in to their accounts and spend a lot of time on social networks, paid media and streaming platforms, online shopping sites and personal finance services. These users tend to save passwords and keep sessions active because they use their accounts daily and rarely log out. From an attacker’s perspective, that’s low-hanging fruit. And as surprising as it may sound, the “IT pro” profile is another prime target for bad actors. “Infostealers hit IT professionals hard because their endpoints (mostly PCs used for engineering or IT administration) concentrate high-value credentials and admin access in one place,” NordVPN executives warn. IT professionals often store admin logins, API tokens and remote access credentials alongside everyday browsing data. “If an infostealer lands on a device like this, stolen browser data can become the first domino toward accessing internal tools and infrastructure,” they continued. The good news is, the basics go a long way. Using a password manager instead of saving credentials in a browser, keeping software up to date and having a reliable anti-malware tool all make a device a much harder target. “Most people know what a data breach is. Very few have heard of infostealers,” said Briedis. “That’s part of the problem. You can’t protect yourself from a threat you don’t know exists. Start with the basics: stop saving passwords in your browser, turn on multi-factor authentication, and think twice before downloading anything from an unofficial source.” o By Martin Vilaboy CYBER PATROL Data Breaches Drop as Infostealer Infections Surge 22 CHANNELVISION | SPRING 2026
RkJQdWJsaXNoZXIy NTg4Njc=