Cybersecurity researchers are divided over claims that 16 billion login credentials were exposed in what some called the largest data breach in history, but experts agree on one point: infostealer malware has surged to unprecedented levels in 2025, creating a pipeline of stolen credentials that threatens users worldwide.
The controversy highlights a growing threat that operates below the radar of traditional cybersecurity defenses, as malicious software quietly harvests login details from infected devices and feeds them into dark web marketplaces.
Cybernews reported in mid-June that researchers discovered 30 datasets containing 16 billion login credentials tied to major platforms including Google, Apple, and Facebook [1][2]. The credentials allegedly came from infostealer malware that captures passwords, cookies, and session tokens from infected computers [1][2].
But cybersecurity experts quickly disputed the scale and novelty of the findings. "These massive dumps have been announced for years, and they are always a recycled pile of credentials with a few new ones sprinkled in," Chester Wisniewski, director at Sophos, told CyberScoop [3].
The publication called the story "a farce" that "doesn't pass a sniff test," noting the original report lacked evidence to support its claims [3]. Major tech companies also clarified they had not been directly breached, with the leaked data simply containing login URLs to their services [4].
Despite the controversy over specific numbers, security firms report a documented surge in infostealer malware throughout 2025. Activity has increased 266% in recent years, according to cybersecurity firm Kela Cyber [1].
Recent incidents include the discovery of FleshStealer malware targeting web browsers and cryptocurrency wallets, and attackers using infostealers to compromise Telefonica employees and access internal systems containing thousands of documents [1].
"Cybercriminals have wasted no time in 2025," Kela Cyber reported in May, noting that stolen credentials can now be "monetized almost instantly on dark web forums, Telegram groups, and automated shops" [1].
The proliferation of infostealer malware creates persistent risks even when individual breach claims prove inflated. Unlike ransomware, these programs operate silently for extended periods, allowing continuous credential harvesting [1].
Security experts recommend immediate password changes, multi-factor authentication, and monitoring for compromised accounts. Organizations face particular challenges as employee device infections can expose corporate credentials [2].
"We've never had a data breach of this size, of this magnitude," cybersecurity expert Chris Rader told one security blog, though the actual scope remains disputed [2].
The debate over specific breach numbers may continue, but the underlying threat shows no signs of slowing as cybercriminals refine their credential-stealing operations.