2.8 Billion Passwords Stolen by M-Banking Thieves, Change Them Now!

The threat to personal data security has reached a worrying point. Passwords, long relied upon to protect personal data, are proving relatively easy for unscrupulous individuals to crack, enabling the theft of sensitive data and even the robbery of funds.

KELA’s State of Cybercrime 2026 report notes that the number of ransomware victims has risen 45% year-on-year. At the same time, 2.86 billion credentials, from passwords to cookies, are known to have leaked and are being traded on the black market.

Even more shocking, over 30% of the exposed data comes from business cloud services and authentication systems.

Not only that, but malware infection trends have also surged sharply. KELA records a drastic increase in infostealer malware infections on macOS devices, from under 1,000 cases in 2024 to over 70,000 in 2025, a rise of up to 7,000%.

“Infostealer malware is designed to extract sensitive data from infected devices, including login credentials, authentication tokens, and other important account information,” states the report, quoted from Forbes on Monday (4/5/2026).

Around 3.9 million devices worldwide have been infected with infostealer malware, resulting in the theft of more than 347 million user credentials or personal data.

Hackers’ attack methods have now transformed into far more sophisticated and hard-to-detect tactics. No longer just fake emails, perpetrators are now utilising artificial intelligence (AI-based scams) and phishing-as-a-service business models to launch their operations on a massive scale.

Moreover, these cybercriminals are exploiting vulnerabilities in digital advertisements and fake search results on search engines to spread malicious software. The slickest technique discovered is tricking users into “hacking” their own devices by unknowingly running harmful scripts through psychological manipulation.

FBI Overwhelmed, Malware Business Increasingly Profitable

Despite security authorities like the FBI conducting large-scale law enforcement operations, the pace of these threats appears unabated.

The emergence of the Malware-as-a-Service (MaaS) business model allows anyone, even those without high technical skills, to become cyber criminals simply by renting available infrastructure on the dark web.

Given the increasingly dire situation, cybersecurity experts emphasise the importance of layered protection for every digital user. Routines such as updating operating systems, avoiding clicks on suspicious links, and using password managers are no longer optional but essential.

Time to Switch to Passkeys

Although Two-Factor Authentication (2FA) has long been considered secure, experts are identifying new vulnerabilities. The prevalence of 2FA bypass techniques through session cookie theft leaves accounts vulnerable to takeover even with verification codes.

As a solution, users are strongly advised to start switching to Passkey technology. Unlike conventional passwords, Passkeys offer far stronger security because they cannot be stolen via phishing or intercepted during data transmission.

This technology works by storing the private key locally directly on the user’s device. This makes Passkeys nearly impossible to breach through interception or infostealer malware attacks that are currently plaguing the world.