Kaspersky flags rising infostealer threats of 16 billion records leak 

Global cybersecurity firm Kaspersky says a surge in infostealer malware is fuelling massive data leaks, including a newly uncovered trove containing 16 billion exposed records, spotlighting a growing threat with far-reaching implications for Nigerians and other internet users.

The leaked datasets, reported by Cybernews, are believed to comprise credentials and sensitive user information harvested from a compilation of 30 different data breaches. Kaspersky warns that the leak underscores the alarming industrialisation of credential theft on a global scale.

“This figure – 16 billion records – is nearly double the earth’s population. While it may seem implausible at first, what we’re looking at is an accumulation of logs obtained from multiple breaches. These are mostly the work of infostealers, malware designed to silently collect user data like login credentials and cookies,” Alexandra Fedosimova, Digital Footprint Analyst at Kaspersky, says in a statement made available to Technology Times.

Infostealers have compromised millions of devices worldwide

Fedosimova notes that the Cybernews research, spanning six months from early 2025, likely includes duplicates — a common outcome of password reuse by users — and thus may not reflect an entirely new dataset.

Kaspersky telemetry data reveals a 21% increase in global detections of password-stealing malware from 2023 to 2024. Infostealers have become one of the most prevalent and effective tools in the cybercriminal playbook, with millions of devices compromised worldwide.

Dmitry Galov, Head of Kaspersky’s Global Research and Analysis Team (GReAT) for Russia and CIS, links the data aggregation to a maturing cybercrime economy that thrives on stolen credentials: “What we’re witnessing is the evolution of a well-oiled marketplace for stolen data. Credentials are stolen through infostealers, phishing attacks, and other malware, then bundled into ‘combo lists’ and resold — often multiple times — on the dark web and now even on some publicly-accessible forums.”

He adds that the real concern isn’t just the scale of the leak, but that the databases were allegedly temporarily accessible via unsecured channels, making them discoverable by virtually anyone.

For Nigerian users increasingly conducting financial transactions, communications, and digital identity verification online, this growing threat carries local urgency. With more than 122 million internet users and expanding digital adoption across sectors, Nigeria remains a key target zone for cybercriminals looking to exploit vulnerabilities at scale.

Kaspersky experts urge immediate action: audit your digital footprint, update all passwords regularly, activate two-factor authentication, and monitor for any signs of compromise.

“This is a reminder to clean up your digital presence,” Anna Larkina, Web Content Analysis Expert at Kaspersky says. “If attackers have already breached your accounts, contact technical support immediately. Also, adopt a reliable password manager like Kaspersky Password Manager to store credentials securely.”

Larkina warns that beyond password theft, the leaked information could be weaponised in social engineering scams and phishing campaigns — attacks that are already common in Nigeria’s digital space.

Cybersecurity tips for Nigerian users:

• Change passwords regularly and avoid reusing them across services.
• Use two-factor authentication on all accounts.
• Employ password managers to store credentials securely.
• Stay vigilant against scam messages, especially those referencing leaked personal details.
• If in doubt, contact your service provider or bank for verification.

Kaspersky, founded in 1997, protects over a billion devices globally, the company says. With deep-rooted threat intelligence and a mission to safeguard personal and corporate digital life, the company remains a key player in the battle against increasingly sophisticated cyberattacks.