Massive Data Breach: Over 400,000 Corporate Credentials Compromised by Info-Stealing Malware

Over 400,000 corporate credentials have been stolen by information-stealing malware, according to an analysis of nearly 20 million malware logs. Information stealers target both careless internet users and corporate environments, with employees using personal devices for work or accessing personal content from work computers. The stolen data is packaged into logs and sold on the dark web and Telegram channels. The most prominent information-stealing families include Redline, Raccoon, Titan, Aurora, and Vidar. Cybersecurity firm Flare found approximately 375,000 logs containing access to business applications such as Salesforce, Hubspot, Quickbooks, AWS, GCP, Okta, and DocuSign. It is recommended that businesses enforce cybersecurity measures such as password managers, multi-factor authentication, and strict controls on personal device use.