A newly revealed breach tied to infostealer malware has compromised 183 million email accounts, prompting urgent warnings for users and renewed scrutiny of endpoint security.
According to WebProNews, a large-scale breach involving infostealer malware has exposed around 183 million email addresses and associated passwords. The breach notification service Have I Been Pwned confirmed the breach and recently added the compromised dataset to its searchable database. Although the data was harvested over time and the dataset is dated April 2025, it was only disclosed publicly in late October, a gap of roughly six months between collection and public notification.
Infostealer malware collects credentials silently from infected devices, allowing cybercriminals to stockpile login data and sell it on underground forums. The delay between infection and public disclosure leaves users unaware and vulnerable to identity theft, phishing attempts, and financial fraud.
The breach includes plain-text passwords, making it especially harmful. While no single source of infection has been confirmed, the data likely stems from many separate malware campaigns rather than a single platform. Comparisons are being drawn to past incidents like 2019's Collection #1 leak, which exposed roughly 773 million unique email addresses and about 21 million unique passwords.
Some commentators have read the presence of plain-text passwords as a sign that affected services failed to encrypt or hash credentials. That reading does not hold for infostealer data: the malware captures credentials on the victim's own device, as the browser decrypts them for autofill or as the user types them, so the plaintext says nothing about how the services themselves store passwords. Industry estimates suggest data breaches of this nature contribute to multi-trillion-dollar global economic losses, and businesses are urged to adopt stronger defenses such as multi-factor authentication, biometrics, and passwordless login options.
Mashable and PCWorld reported that the exposed data likely comes from many different platforms, with the breach's impact spread globally. Have I Been Pwned founder Troy Hunt advised users to check proactively whether their information was exposed and to take immediate steps to secure their accounts. While no single company has been named as the breach origin, the data appears to have been gathered from infected endpoints over a long period.
PCWorld also underlined the role of personal device vulnerabilities in large-scale breaches like this, advocating for broader use of password managers and endpoint detection tools.
According to Cybernews, the United States saw over 2.5 million breached accounts between January and June 2025, more than any other country. Even with fewer global incidents overall, the data shows that personal accounts remain an easy target for cybercriminals. The latest infostealer campaign adds to this problem, exposing how attackers continue to harvest passwords and emails from individual devices rather than company servers. The trend points to a growing shift in data theft, one that exploits everyday user behavior and gaps in personal security rather than large-scale system failures.
Infostealer malware is malicious software that silently collects data from infected devices, including saved browser passwords, session cookies, and autofill information. Stolen session cookies are particularly dangerous because replaying them lets an attacker into an account without the password and without triggering multi-factor authentication. Infostealers often spread via fake software installers, cracked applications, or malicious browser extensions.
Plain-text passwords in stealer logs do not indicate that the online services stored them unhashed. Browsers keep saved credentials in a store that can be decrypted on the device so they can be autofilled, and an infostealer running under the user's account decrypts them the same way the browser does. Credentials can also be captured directly from keystrokes or from third-party applications that handle them carelessly.
Most service providers do not check whether their users' credentials have surfaced in breach dumps from other sources. Tools like Have I Been Pwned, or browser alerts such as Chrome's password checker, are more reliable for identifying compromised credentials.
Breaches involving infostealer malware often go undetected because the malware affects individuals rather than centralized systems. Without a single breach event, it can take time for researchers to compile, analyze, and disclose the full scope.
Reputable password managers encrypt the vault with a key derived from the master password, which is never written to disk, so a copied vault file on its own is of little use to an attacker. However, if an infostealer has compromised the device, it can capture the master password from keystrokes or screenshots, or read credentials once the vault is unlocked, so even a well-designed manager cannot protect a machine the attacker already controls. That is why full endpoint security remains essential.