How infostealers turn stolen credentials into real identities
February 19, 2026 10:05 AM

• Modern infostealers have expanded credential theft far beyond usernames and passwords.
• Over the past year, campaigns have accelerated, targeting users with little distinction between corporate employees and individuals on personal devices.
• These infections routinely harvest credentials alongside broader session data and user activity.
• The resulting datasets are aggregated and sold by initial access brokers, then reused across attacks targeting both personal and enterprise environments.
• To better understand the scope and implications of this activity, Specops researchers analyzed more than 90,000 leaked infostealer dumps, comprising over 800 million rows of data collected during active infections.
• The datasets included credentials, browser cookies, browsing history, and system-level files stored locally on compromised machines.
Article Summaries:
- Specops researchers analyzed over 90,000 infostealer dumps containing more than 800 million rows of data, revealing that modern malware now harvests not only usernames and passwords but also session cookies, browsing history, and local system files. The aggregated datasets expose reused account names, Windows usernames, and detailed activity logs, allowing attackers to link a single compromised credential to a real person, their employer, and job role. This blurs the line between personal and corporate security, enabling targeted phishing and deeper enterprise access. Specops’ Password Policy tool counters the risk by blocking known-compromised passwords in Active Directory, while Verizon’s report notes stolen credentials are involved in 44.7% of breaches.
Sources: