Research: Data breaches down, password theft up
March 18, 2026
Data breaches have long been the most visible measure of cybercrime. But while breach numbers appear to be trending in the right direction, a quieter and more personal threat has been growing in the background. Infostealers are a type of malware that silently harvests everything stored on a victim’s device.
Research from cybersecurity company NordVPN, conducted in collaboration with threat intelligence platform NordStellar, shows that the number of compromised databases dropped by 36 per cent between 2024 and 2025, from 4,804 to 3,069. In the same period, infostealer logs jumped by 35 per cent, from 19.5 million to more than 26 million.
“Data breaches going down might sound like progress, but it really means criminals have found a more efficient way in,” commented Mantas Sabeckis, senior threat intelligence researcher at Nord Security. “A single infostealer infection can silently grab saved passwords, cookies, autofill data, and even session tokens. It’s less dramatic than a breach, but for the individual, the damage can be just as severe.”
Why break in when you can log in
Cloudflare’s 2026 Threat Report describes a broader change in attacker psychology. Modern criminals are trading sophistication for throughput. Cloudflare calls it the measure of effectiveness (MOE) — the ratio of effort to operational outcome. Why use an expensive zero-day exploit when a stolen session token gets you further for less?
In 2025, compromised databases leaked nearly 34 million passwords. Infostealers harvested 624 million. That’s more than 18 times as many. For email addresses, breaches exposed 542 million while infostealers captured 380 million and the gap is closing in the past few years.
“When a company gets breached, they notify users, reset passwords, and contain the damage,” said Marijus Briedis, chief technology officer at NordVPN. “With infostealers, nobody sends you a warning. Your credentials end up on the dark web, and you only find out when your accounts are already compromised. Companies still lose data in breaches, but now criminals don’t even need to wait for that. They can take it straight from your device.”
How to protect yourself from infostealers
Infostealers most commonly spread through pirated software, fake downloads, and phishing emails. Once installed, they run silently in the background. But the good news is that the basics go a long way. Using a password manager instead of saving credentials in your browser, keeping software up to date, and having a reliable anti-malware tool all make a device a much harder target.
“Most people know what a data breach is. Very few have heard of infostealers,” added Briedis. “That’s part of the problem. You can’t protect yourself from a threat you don’t know exists. Start with the basics: stop saving passwords in your browser, turn on multi-factor authentication, and think twice before downloading anything from an unofficial source.”