Fact Check: Infostealers are likely behind the massive credential theft!

Fact Check: "Infostealers are likely behind the massive credential theft!"

What We Know

Recent reports indicate a staggering 16 billion credentials have been leaked, sparking widespread concern about the scale of this breach. However, an analysis by Hudson Rock suggests that this dataset is largely comprised of recycled, outdated, and potentially fabricated data rather than representing a new breach (source-1). Despite this, infostealers remain a significant threat in the cybersecurity landscape. In 2024 alone, 2.1 billion credentials were confirmed stolen through infostealer malware, accounting for 75% of all credential theft (source-2).

Infostealers are malware designed to stealthily capture sensitive information, including login credentials, session cookies, and cryptocurrency wallets. The Nobitex exchange hack exemplifies the dangers posed by infostealers, where compromised employee credentials led to significant financial losses (source-1).

Analysis

The claim that infostealers are behind the massive credential theft is supported by substantial evidence. The 16 billion credentials leak has been shown to contain a mix of old data and fabricated entries, which diminishes its credibility as a new threat. Hudson Rock's findings indicate that the average number of credentials stolen per infostealer-infected device is about 50, suggesting that the reported figures are inflated and not reflective of a recent surge in infections (source-1).

Conversely, the Forbes report highlights that infostealers were responsible for the vast majority of credential theft in 2024, indicating a persistent and growing threat. The report cites that 3.2 billion credentials were stolen that year, with infostealers being the primary method of theft (source-2). This aligns with the ongoing trend of increasing infostealer activity, as evidenced by various cyber incidents, including the Nobitex breach.

While the Hudson Rock analysis casts doubt on the scale of the 16 billion credential claim, it does not undermine the reality that infostealers are a critical and ongoing threat. The Flashpoint report further corroborates this, noting the adaptability and resilience of infostealer malware, which continues to evolve despite law enforcement efforts to disrupt their operations (source-2).

Conclusion

Verdict: True. The evidence supports the claim that infostealers are likely behind the massive credential theft. While the specific figure of 16 billion credentials may be exaggerated due to the inclusion of outdated and recycled data, the overall threat posed by infostealer malware is significant and well-documented. Infostealers are responsible for a large percentage of credential theft, demonstrating their critical role in the current cybersecurity landscape.

Sources

1. 16 Billion Credentials Leak: A Closer Look at the Hype and Reality ...
2. Password Warning As 2.1 Billion Credentials Hit By Infostealer ... - Forbes
3. New & Used KIA Car Dealer | KIA Downtown Los Angeles
4. Explore New Car Inventory | KIA Downtown Los Angeles
5. A 'significant increase' in infostealer malware attacks left 3.9 ...
6. Global law-enforcement operation targets infostealer ...
7. About Our Dealership | Kia Downtown Los Angeles Near Pasadena
8. 16 billion passwords exposed in unprecedented cyber leak ...