
Data breaches are becoming less common, but that doesn’t mean cyber threats are decreasing — far from it. New research suggests attackers are simply changing tactics, with infostealer malware rising as a quieter and more direct way to steal personal data from individual devices.
Recent findings from NordVPN, based on analysis with NordStellar, show this clear change in direction. The number of reported database breaches fell noticeably over the past year, while logs tied to infostealer infections rose sharply, reaching tens of millions of recorded cases.
The rise of infostealers
Unlike large-scale breaches that expose company databases in a single event, infostealers work at the individual level. Once installed, they collect saved credentials, browser data, and session information directly from a device, often without any visible signs.
That difference changes how these attacks play out. A breach affecting a company usually triggers notifications, password resets, and some level of containment. Infections on personal machines don’t come with those safeguards, which means stolen data can circulate without the user realizing anything has happened.
There is also a practical reason behind this shift. Attackers are increasingly favoring methods that are easier to scale and require less effort per target. Instead of investing time in complex exploits, it is often more effective to compromise many individual devices and collect data continuously.
The numbers reflect that change in approach. While breaches still expose large volumes of information, the amount of data gathered through infostealers now far exceeds what is typically leaked in a single incident. Passwords, email addresses, and session tokens are all being collected in large quantities through these infections.
“For the individual, the damage can be just as severe,” said Mantas Sabeckis, senior threat intelligence researcher at Nord Security. “It’s less visible than a breach, but it can give attackers direct access to personal accounts.”
This trend also highlights a gap in awareness. Many people understand what a data breach is and how it affects them, but fewer are familiar with malware that operates quietly in the background.
Infostealers often spread through unofficial downloads, pirated software, or phishing attempts. Once active, they can continue collecting data over time rather than in a single event.
Basic precautions still go a long way. Avoiding untrusted downloads, keeping systems updated, and using tools like password managers can reduce exposure. Enabling multi-factor authentication also helps limit the impact if credentials are compromised.
“When a company gets breached, there is usually some kind of response,” said Marijus Briedis, chief technology officer at NordVPN. “With these infections, you often only find out after accounts have already been accessed.”
What looks like a decline in breaches is really a change in how data is being taken. The activity has not slowed down; it has just become less visible and more focused on individuals.
Photo credit: Marcos Mesa Sam Wordley / Shutterstock
