Technology
1.7 billion passwords leaked on dark web and why yours is at risk
Cybercriminals aren’t just going after big targets anymore.
They’re going after everyone, and they’re doing it with infostealer malware. These small, sneaky programs are quietly stealing passwords, browser data and login tokens from everyday devices.
A new report shows just how out of control the problem has become, with infostealer activity jumping 500% in just one year, harvesting more than 1.7 billion fresh credentials.
Join the FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up!
A hacker at work (Kurt “CyberGuy” Knutsson)
The industrialization of credential theft
In 2024, cybersecurity researchers at Fortinet observed a staggering surge in stolen login data being traded on the dark web. Over 1.7 billion credentials were harvested not from old breaches but through active infections on users’ devices.
At the heart of this epidemic is a class of malware called infostealers, which are programs designed specifically to extract sensitive information like usernames, passwords, browser cookies, email logins, crypto wallets and session tokens. Unlike large-scale data breaches that target centralized databases, infostealers operate on individual machines. They don’t break into a company’s servers; they compromise the end user, often without the victim ever noticing.
These logs are then aggregated and sold by initial access brokers, intermediaries who sell compromised credentials and access tokens to other cybercriminal groups, including ransomware operators. The market has matured to the point where access to a corporate VPN, an admin dashboard or even a personal bank account can be purchased at scale, with verified functionality and region-specific pricing.
Fortinet’s 2025 Global Threat Landscape Report identified a 500% increase in credential logs from infostealer infections over the past year. Among the most widespread and dangerous infostealers identified in the report are RedLine, Vidar and Raccoon.
A hacker at work (Kurt “CyberGuy” Knutsson)
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
How infostealers work
Infostealers are typically distributed through phishing emails, malicious browser extensions, fake software installers or cracked applications. Once installed on a device, they scan browser databases, autofill records, saved passwords and local files for any credential-related data. Many also look for digital wallets, FTP credentials and cloud service logins.
Crucially, many infostealers also exfiltrate session tokens and authentication cookies, meaning that even users who rely on multifactor authentication are not entirely safe. With a stolen session token, an attacker can bypass multifactor authentication entirely and assume control of the session without ever needing to log in manually.
Once collected, the data is uploaded to a command and control server. From there, it’s either used directly by attackers or bundled into logs and sold on forums. These logs can include everything from the victim’s IP address and geolocation to their browser fingerprint and full credential list, giving attackers everything they need to carry out further exploitation or impersonation.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
A man working on his personal and work laptops (Kurt “CyberGuy” Knutsson)
HR FIRM CONFIRMS 4M RECORDS EXPOSED IN MAJOR HACK
5 ways to stay safe from infostealer malware
With infostealer malware becoming a growing threat, protecting your data requires a mix of smart security habits and reliable tools. Here are five effective ways to keep your information safe.
1. Use a password manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager. Our No. 1 pick has a built-in Data Breach Scanner that lets you check if your information has been exposed in known breaches. Get more details about my best expert-reviewed Password Managers of 2025 here.
2. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a second form of verification, such as a code from an authentication app or biometric confirmation. Cybercriminals rely on stolen usernames and passwords to break into accounts, but with 2FA enabled, they cannot gain access without the additional security step. Make sure to enable 2FA on important accounts like email, banking and work-related logins.
3. Use strong antivirus software and be cautious with downloads and links: Infostealer malware often spreads through malicious downloads, phishing emails and fake websites. Avoid downloading software or files from untrusted sources and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats or cracked applications, so it is best to stick to official websites and app stores for downloads.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks of the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4. Keep software updated: Cybercriminals exploit outdated software to deliver malware. Keeping your operating system, browsers and security software up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever possible and install reputable antivirus or endpoint protection software that can detect and block infostealer threats before they compromise your system.
5. Consider a personal data removal service: These services can help remove your personal information from data broker sites, reducing your risk of identity theft, spam and targeted scams. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy.
These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.
HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY
Kurt’s key takeaway
The 1.7 billion passwords leaked in 2024 are not a relic of past breaches. They’re evidence of an evolving, industrialized cybercrime economy built on the backs of unsuspecting users and quietly infected devices. The tools are cheap, the scale is massive and the impact is personal. If you’ve ever saved a password in a browser, downloaded an unofficial app or clicked a link in a sketchy email, your credentials may already be in circulation.
Who do you think should be primarily responsible for protecting personal and organizational data from cyber threats: individual users, companies, software providers or government agencies? Why? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
All year on The Vergecast, we’ve been tracking the many bizarre and problematic actions of FCC Chairman Brendan Carr. There has been a lot to discuss! Then, this week, ahead of one of our last episodes of the year, Carr appeared in front of the Senate Commerce Committee and spent three hours explaining how he thinks about his job, the FCC, and the state of online communication and entertainment. It was a lot.
On this episode of The Vergecast, we begin with a dissection of Carr’s testimony, his threats against broadcasters, and the ways in which he’s using old ideas about content delivery to get his political way. Nilay and David walk through some of Carr’s most important quotes, explain the history of broadband regulation, and look ahead to how Carr might bring these same tactics to internet regulation next year.
Also, an important housekeeping note: The Vergecast will be live at CES! We’ll be at the Brooklyn Bowl in Las Vegas, at 3:30PM on Wednesday, January 7th. There will be podcasting, and hanging out, and bowling. It’s going to be great, and if you’re going to be in Vegas we’d love to see you there.
Until then, if you want to know more about everything we discuss in this episode, here are some links to get you started, first on Brendan Carr:
And in the streaming wars:
And in the lightning round:
NEWYou can now listen to Fox News articles!
Holiday gatherings and year-end travel often lead to a spike in missing pets. Doors open more often, routines shift and animals can slip outside in a moment of confusion.
New Year’s Eve creates loud fireworks, and shelters report some of their busiest nights of the entire year. Amid all that, one Texas family just experienced a heartwarming reunion thanks to an AI photo matching on Petco Love Lost.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
FIND A LOST PHONE THAT IS OFF OR DEAD
An AI photo-matching on Petco Love Lost helped reunite a Texas family with their missing cat after 103 days. (ULISES RUIZ/AFP via Getty Images)
How AI photo matching kept the search going
Pam’s 11-year-old indoor cat, Grayson, had never been outside alone. She believes he slipped out while she unloaded groceries at their home in Plano, Texas. The moment she realized he was gone, she acted fast.
She said, “We went up and down the streets day and night. We went online in the neighborhood and on Love Lost. We put up flyers all over the neighborhood. Friends and neighbors were looking for him. I went to the animal shelter, posted him there, and went every day for over a month, hoping to find him.”
Pam uploaded Grayson’s photo to Petco Love Lost right away. She checked her daily match alerts and hoped she would see his familiar face pop up. She told CyberGuy, “I received match alerts almost every day from Lost Love, but never saw Grayson. His profile had been on their site for over 90 days.”
The moment everything changed
Missy, a nearby resident, spotted a thin cat in an alley near her home. She brought him inside, took a picture of him and then turned to Love Lost to see if anyone had reported a missing cat like him.
Missy explained how simple the process felt. “I used Lost Love to reunite them,” she said. “I uploaded a photo of the cat that we found, and it was matched through AI with the photo that the owner uploaded.”
She soon received an AI match alert and learned that the cross street Grayson’s owner, Pam, had listed in her lost post was only a mile from her home. Missy contacted Pam right away.
That message changed everything. “I am sure that if we had not posted his picture and enabled the ability to match the images, we would never have known what happened to Grayson,” Pam said. “And we would not have connected with Missy.”
AI TECH HELPS A SENIOR REUNITE WITH HER CAT AFTER 11 DAYS
Grayson, an indoor cat from Plano, Texas, was finally found thanks to a neighbor who uploaded his photo to an AI search tool. (DANIEL PERRON/Hans Lucas/AFP via Getty Images)
A long road for an aging cat
Grayson is almost 12 and has never lived outdoors. That made this reunion feel even more emotional, Pam said.
“I am still amazed at Grayson’s journey,” she added. “I look at him and cannot believe he made it through those 103 days. He is almost 12 years old, so he is not a young kitty.”
Pam said she still thinks about what those months were like for him. “[I] guess I will always wonder where he was and how many stops he made before he reached Missy’s loving home,” she said. “He must have known she would take care of him. It takes a special person to take the time to reunite a beloved pet with their family. Missy and her family went above and beyond to reunite us with Grayson.”
Why pet tech matters during the holidays
This season brings joy but also risks for pets. Visitors, travel and loud celebrations create more chances for animals to slip out or feel spooked. Tools like AI photo matching help families act fast when a pet goes missing. Love Lost connects shelters and neighbors in one place so that people like Pam and Missy can find each other.
What to do if your pet goes missing
Losing a pet can feel overwhelming, but taking fast action helps. These steps guide you through what to do right away.
1) Search your home and neighborhood right away
Look in closets, garages and under furniture. Walk your street and ask neighbors to check yards and sheds.
2) Upload your pet’s photo to Petco Love Lost
Take a clear photo and post it on the site. AI photo matching alerts you when a possible match appears. It also helps others contact you fast.
3) Visit your local shelters in person
Shelters update kennels throughout the day. Staff can guide you and help flag your pet’s profile. Go often until you get updates.
4) Post on local community groups
Use neighborhood apps, local Facebook groups and community forums. Include your pet’s photo, last known location and your contact info.
5) Put up flyers right away
Use a large photo and simple details. Place flyers at busy intersections and near schools, parks and businesses.
6) Contact your pet’s microchip registry
If your pet is microchipped, call the registry or log in to your account. Make sure the chip is registered to you, update your contact info and mark your pet as missing so shelters and vets can reach you fast.
7) Stay consistent with your search
Check Love Lost alerts often. Visit shelters and follow up on every lead. Persistence made the difference for Pam and Grayson.
LOST DOGS ON FOURTH OF JULY: HOW TO KEEP YOUR PET SAFE
A pet owner is seen cradling a cat on their lap. (Diego Herrera Carcedo/Anadolu via Getty Images)
How AirTags can help you find a lost pet faster
While tools like AI photo matching are invaluable after a pet goes missing, prevention and real-time tracking can make an enormous difference during the first critical hours. That’s where Apple AirTags come in. An AirTag isn’t a GPS tracker, but it can still be a powerful recovery tool when used correctly. When attached securely to your pet’s collar, an AirTag uses Apple’s vast Find My network. That network consists of hundreds of millions of nearby iPhones, iPads and Macs that can anonymously and securely relay the AirTag’s location back to you.
If your pet wanders into a neighborhood, apartment complex or busy area, the chances are high that another Apple device will pass nearby and update the location automatically. You won’t know who helped, and they won’t know it was them, but the location can show up on your map within minutes. For indoor cats or dogs that don’t usually roam far, this can be especially helpful. Even a rough location can narrow your search area and save precious time.
Important limits to know: AirTags work best in populated areas. They rely on nearby Apple devices, so coverage may be limited in rural or remote locations. They also don’t update continuously like true GPS pet trackers. That’s why AirTags should be seen as a backup layer, not a replacement for microchipping or dedicated pet trackers.
How to use an AirTag safely with pets
- Use a secure, pet-specific AirTag holder that won’t break easily.
- Attach it to a breakaway collar for cats and dogs to reduce injury risk.
- Make sure Find My notifications are turned on so you get alerts quickly.
- Combine it with microchipping and ID tags for the best protection.
Used together, these tools give you multiple ways to reconnect with your pet, whether minutes or months have passed.
For a list of the best pet trackers, go to Cyberguy.com and search “best pet trackers.”
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Grayson’s reunion is a reminder that tech works best when caring people put it to use. AI matched the photos, but Missy took action, and Pam never stopped looking. Their persistence helped a senior cat get home after a long and risky journey.
If your pet went missing today, would you know the first step to bring them home fast? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
After briefly going dark in the US to comply with the divest-or-ban law targeting ByteDance that went into effect on January 19th, TikTok quickly came back online. It eventually reappeared in the App Store and Google Play as negotiations between the US and China continued, and Donald Trump continued to sign extensions directing officials not to apply the law’s penalties.
Finally, in mid-December, TikTok CEO Shou Zi Chew told employees that the agreements to create TikTok USDS Joint Venture LLC, which includes Oracle, Silver Lake, and MGX as part owners, have been signed, and the deal is expected to close on January 22nd, 2026. His letter said that for users in the US, the new joint venture will oversee data protection, the security of a newly-retrained algorithm, content moderation, and the deployment of the US app and platform.
Read on for all the latest news on the TikTok ban law in the US.
What’s happening in New Mexico December 19-25? Nutcracker in the Land of Enchantment and more
President Trump is coming to North Carolina on Friday: What to know
Amid Rural EMS Struggles, North Dakota Lawmakers Weigh Solutions
After her son died in car wreck, Ohio mom fought for public records
How to Watch Tonight’s Alabama vs. Oklahoma Playoff Game Online
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Takeaways from an eventful 2025 election cycle
Judge tosses Trump-linked lawsuit targeting Chief Justice Roberts, dealing setback to Trump allies
Who was Osman Hadi; why is Bangladesh on fire over his death?
Putin tells news conference that Kremlin’s military goals will be achieved in Ukraine
Video: Trump Mocks Obama, Biden in His Presidential ‘Walk of Fame’
-
Iowa4 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Iowa6 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Maine3 days agoElementary-aged student killed in school bus crash in southern Maine
-
Maryland4 days agoFrigid temperatures to start the week in Maryland
-
Technology1 week agoThe Game Awards are losing their luster
-
South Dakota5 days agoNature: Snow in South Dakota
-
Nebraska1 week agoNebraska lands commitment from DL Jayden Travers adding to early Top 5 recruiting class
-
World1 week agoCoalition of the Willing calls for transatlantic unity for Ukraine