The traditional yardstick for cybercrime—the massive corporate data breach—is finally shrinking, but experts warn that a far more invasive threat is taking its place. Recent data indicates that while hackers are hitting big databases less often, they are increasingly bypassing company defenses entirely to rob individuals directly through “infostealer” malware.
New research released by NordVPN and NordStellar reveals a telling shift in the digital underworld. Between 2024 and 2025, the number of compromised databases dropped by 36%, falling from 4,804 to 3,069. However, during that same window, the volume of infostealer logs surged by 35%, climbing from 19.5 million to over 26 million.
“Data breaches going down might sound like progress, but it really means criminals have found a more efficient way in,” says Mantas Sabeckis, a senior threat intelligence researcher at Nord Security. He notes that while a breach is a loud, public event, an infostealer is a quiet infection that harvests saved passwords, autofill data, and session tokens directly from a user’s device.
This shift reflects a change in “attacker psychology” highlighted in Cloudflare’s 2026 Threat Report. Criminals are focusing on the ratio of effort to outcome. Rather than burning expensive, complex exploits to break into a fortified corporate server, they find it easier and cheaper to use stolen credentials to simply log in.
READ: Big Oil Faces Tax Pressure As Middle East Conflict Sends Gas Prices Soaring
The scale of this “direct-to-consumer” theft is massive. In 2025, database breaches leaked roughly 34 million passwords. In contrast, infostealers harvested 624 million—more than 18 times the amount. While breaches still expose more email addresses (542 million compared to 380 million from infostealers), the gap is narrowing rapidly.
The danger for the average person lies in the lack of transparency. “When a company gets breached, they notify users, reset passwords, and contain the damage,” explains Marijus Briedis, chief technology officer at NordVPN. “With infostealers, nobody sends you a warning. Your credentials end up on the dark web, and you only find out when your accounts are already compromised.”
Infostealers typically gain access through pirated software, fraudulent downloads, and phishing emails, running invisibly once installed. To combat this, experts suggest moving away from saving passwords directly in web browsers.
Briedis emphasizes that the lack of public awareness is the hackers’ greatest advantage, stating, “You can’t protect yourself from a threat you don’t know exists.” Security professionals recommend using dedicated password managers, enabling multi-factor authentication, and avoiding unofficial software sources to harden personal devices against these silent attacks.
Please make a small donation to the Tampa Free Press to help sustain independent journalism. Your contribution enables us to continue delivering high-quality, local, and national news coverage.
Sign up: Subscribe to our free newsletter for a curated selection of top stories delivered straight to your inbox
