FDIC Digital Sign, using the official FDIC wordmark. This digital sign indicates the deposit institution is backed by the full faith and credit of the US government.
October 1, 2025

CyberSecurity Source | Fall 2025

Cyber Security

What You Need to Know About the Infostealer Data Breach

Recent reports from cybersecurity researchers, highlighted by various news outlets since January, indicate a staggering amount of users’ information has been exposed in multiple data breaches involving an estimated 16 billion login credentials. This massive collection of usernames and passwords, which includes data from major platforms such as Apple, Google, Facebook, GitHub, Telegram, and even some government portals, represents one of the largest exposures of personal online data in history.

What Happened?

Cybersecurity researchers at Cybernews have been tracking a collection of over 30 separate datasets that briefly appeared online starting in early 2025. These datasets, ranging from tens of millions to over 3.5 billion records each, appear to have been compiled using various "infostealer" malware programs.

Infostealers are malicious software designed to quietly collect sensitive user data, including login details, from infected devices. While some of the records might be older or duplicated, researchers emphasize that a significant portion of this data is new and highly usable by criminals. The way the data is organized, often showing a website URL followed by a username and password, makes it particularly easy for bad actors to exploit.

Why Is This So Important?

The sheer scale of this breach means that a huge number of individuals could be affected, potentially impacting multiple online accounts for many people. If criminals get their hands on your login information, they can use it for various malicious activities, including:

  • Identity Theft: Using your details to open new accounts or commit fraud in your name.
  • Account Takeovers: Gaining full access to your online accounts to send fake messages, make unauthorized purchases, or steal personal information.
  • Phishing Attacks: Using your compromised information to create highly believable fake emails or messages designed to trick you into revealing even more sensitive data.
  • Fraud and Extortion: Using your personal details for various scams or even blackmail.

Experts are calling this breach a "blueprint for mass exploitation" due to the way the stolen data was accessed and how easily it can be replicated and used.

What Should You Do Right Now to Stay Safe?

Given the widespread nature of this breach, it's crucial to take immediate steps to protect your online accounts. Don't wait to find out if your specific information was compromised, act now as a precaution.

  1. Change Your Passwords Immediately: This is the most critical first step. Create new, strong, and unique passwords for all your important online accounts, especially those linked to email, banking, social media, and any services you use for shopping or work.
  • Make them strong: Use a mix of uppercase and lowercase letters, numbers, and symbols. Aim for at least 12-16 characters.
  • Make them unique: Never reuse passwords across different websites. If one account is compromised, criminals can easily access your others.
Enable Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA): This adds an extra layer of security. Even if a criminal has your password, they won't be able to log in without a second piece of information, typically a code sent to your phone or generated by an authenticator app. Many services, including Google, Apple, and Facebook, offer this feature. Turn it on wherever it's available. Consider Using a Password Manager: These tools securely store all your unique, complex passwords, so you only need to remember one master password. Many password managers also offer features to alert you if your credentials appear in a known data breach. Explore Passkeys: Major tech companies like Google, Apple, and Microsoft are promoting "passkeys" as a more secure, password-less login method. Passkeys replace traditional passwords with biometric authentication (like fingerprint or facial recognition) or a simple PIN on your trusted device (like your smartphone). This can significantly reduce your risk of phishing attacks and account takeovers. Be Wary of Suspicious Communications: Cybercriminals often use stolen login information to craft convincing phishing emails or text messages. Be extra cautious of any unsolicited messages, especially those asking you to click on links, download attachments, or verify personal information. Always go directly to the official website of the service if you need to check something. Monitor Your Accounts: Keep a close eye on your bank statements, credit card activity, and online accounts for any unusual or unauthorized transactions.


Stay Vigilant

While this news can be alarming, taking these proactive steps can significantly protect your digital life. Cybersecurity is a shared responsibility, and remaining vigilant about your online security is more important than ever.

Are Public Wi-Fi Networks Safe?

Public Wi-Fi networks, or hotspots, in coffee shops, malls, airports, hotels, and other places are convenient. In the early days of the internet they often weren’t secure, but things have changed. Here’s what you need to know about your safety when you connect to a public Wi-Fi network:

Protecting Yourself

The best way to protect yourself if you’re logging in or sending personal information is to make sure the web address starts with “https.” That “s” stands for Secure and indicates that the information you’re sending has been encrypted. Logging in without https could expose your username and password, which, if you reuse passwords, could compromise other sites.

Be sure that the https remains in place the entire time you’re on the website. Some websites only encrypt the login page. If you end up on an unencrypted page, log out immediately.

Don’t set your device to automatically connect to networks outside of your home. This way, you remain in control of what you’re connecting to. Public networks are generally not secure, which means that anyone on that network can see what websites you visit, even if they may not see the information you’re entering.

Keep your software up to date and pay attention to warnings. Many browsers will alert you before you visit unsecured or doubtful sites.

Consider using a reputable Virtual Private Network, or VPN. A VPN basically creates a secure tunnel that all your activity passes through, protecting your information all along the way.

If you’re out and about and need to view your financial information, consider using your smartphone to access your mobile banking or email, as cellular data is generally more secure than public Wi-Fi networks.

Got a New Online Friend? Be Wary

Romance scams have been a reliable source of income for digital criminals for years. But a new, more subtle variation of that fraud is seeing an uptick. Instead of convincing vulnerable people online with promises of romance, some scammers are creating a false bond with victims by convincing them they share a common interest. Fraud experts often refer to this as affinity fraud, where the criminal will take advantage of a shared affiliation or interest with the victim and the trust that comes with it.

How Friendship Scams Work

The scams follow a predictable script, says Jason Zirkle, a certified fraud examiner and training director at the Association of Certified Fraud Examiners: criminals lurking on sites like Facebook, Instagram or Reddit initiate contact by sending direct messages or commenting on posts. Or they might try to initiate a relationship using a wrong number text (“Hi, is this Jane?”). If you reply, they’ll quickly try to engage you in conversation and forge a connection. Then they often use empathy and “mirroring,” appearing to be in the same circumstances as you, to establish deep emotional connections quickly.

Eventually, conversations move to platforms that are harder to trace, such as encrypted text messaging apps like WhatsApp and Telegram. Finally, scammers invent a personal crisis to ask for financial help, often requesting money via nontraditional channels like gift cards, cryptocurrency or peer-to-peer payment apps. Or they’ll say they have an investment opportunity. They have a relative who’s done well in cryptocurrency, and they want you to benefit from their knowledge. The process of creating trust before proposing this sort of bogus investment is known as financial grooming.

Since people might not question platonic relationships as much as romantic ones, scammers can be harder to spot. “The relationship building is a little bit more subtle,” Zirkle says. “For that reason, I think friendship scams are more insidious than romance scams.”

AI’s role

Friendship scams, like many forms of fraud, are becoming even more convincing with the help of artificial intelligence. For example, a male criminal living overseas can use AI to pose as an older American woman who lives in the South and is gardener. If he meets you in a Facebook gardening group, he can use ChatGPT to translate his native tongue into perfect English, infuse his writing with Southern dialect, generate insights and observations about growing flowers and vegetables suited to Southern climates, and even fabricate real-looking images of his female alter ego working on rosebushes.

How to Avoid Friendship Scams

Keep these tips in mind to build online connections safely:

  • Be skeptical of sudden closeness. Scammers want to build rapport fast, so proceed cautiously when a new connection gets intimate soon after you meet them.
  • Beware of secrecy and evasion. If online friends want you to keep your relationship secret, or if they avoid speaking on the phone, having a video chat or meeting you in person, they may be hiding something.
  • Avoid messaging platforms. If your new friend wants to move your conversation to a messaging service like WhatsApp, Telegram, or Signal, that’s a red flag.
  • Don’t send money. Eventually scammers always ask for money. If someone you’ve never met in person solicits you for cash, that’s a red flag. Requests that are urgent or involve nontraditional payment methods like gift cards or crypto are especially suspicious.
  • Seek a second opinion. If something about a new friendship feels off, consider confiding in a trusted friend or family member to get a fresh perspective.
  • Cut off contact. Immediately stop communicating if you suspect the individual may be a scammer, and do not re-engage with them.