
How infostealers turn stolen credentials into real identities


Modern infostealers have expanded credential theft far beyond usernames and passwords. Over the past year, campaigns have accelerated, targeting users with little distinction between corporate employees and individuals on personal devices.

These infections routinely harvest credentials alongside broader session data and user activity. The resulting datasets are aggregated and sold by initial access brokers, then reused across attacks targeting both personal and enterprise environments.

To better understand the scope and implications of this activity, Specops researchers analyzed more than 90,000 leaked infostealer dumps, comprising over 800 million rows of data collected during active infections.

The datasets included credentials, browser cookies, browsing history, and system-level files stored locally on compromised machines.

What emerges is a clear picture of how infostealer dumps allow attackers to associate technical data with real users, organizations, and behavioral patterns, making a single infection valuable long after the initial compromise.

When stolen credentials become identity data

The biggest risk is how easily infostealer data ties multiple accounts and behaviors back to one real person. These dumps routinely expose reused account names across services, Windows usernames, files stored in user directories, active session data, and detailed records of activity across environments.

Combined, these signals let attackers move from a single compromised credential to identifying an individual, their employer, and potentially their role within an organization.
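As an added illustration (not code from the article or from Specops), the following script shows how a defender who receives such a dump for their own domain can reproduce that linkage for triage: rows are grouped per infected machine and Windows user, corporate accounts are matched against a monitored domain, and reuse of a corporate password on personal services is flagged so those accounts can be reset first. All rows are constructed sample data and `example-corp.com` is a placeholder domain.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample rows in a typical infostealer log layout:
# (infected host, Windows username, service URL, login, password).
# Placeholder data only, not taken from any real dump.
SAMPLE_ROWS = [
    ("host-A", "jdoe", "https://mail.example-corp.com/login", "j.doe@example-corp.com", "Summer2024!"),
    ("host-A", "jdoe", "https://shop.example.net/account", "johndoe", "Summer2024!"),
    ("host-A", "jdoe", "https://social.example.org", "john.doe@personalmail.example", "hunter2"),
    ("host-B", "asmith", "https://vpn.example-corp.com", "a.smith@example-corp.com", "Winter2023"),
    ("host-B", "asmith", "https://bank.example.com", "asmith99", "Winter2023"),
    ("host-C", "guest", "https://forum.example.org", "randomuser", "qwerty"),
]

MONITORED_DOMAINS = {"example-corp.com"}  # placeholder for the defender's own domains


def is_corporate(url, login, monitored):
    """True if the service host or the login's e-mail domain belongs to a monitored domain."""
    host = urlparse(url).hostname or ""
    login_domain = login.rsplit("@", 1)[-1] if "@" in login else ""
    return any(host == d or host.endswith("." + d) or login_domain == d for d in monitored)


def triage(rows, monitored):
    """Group dump rows by infected machine and report corporate exposure per machine.

    Passwords are never echoed into the report; only the count of personal
    services that share a corporate password is returned.
    """
    by_host = defaultdict(list)
    for host, winuser, url, login, password in rows:
        by_host[(host, winuser)].append((url, login.strip().lower(), password))

    report = {}
    for key, creds in by_host.items():
        corp = [c for c in creds if is_corporate(c[0], c[1], monitored)]
        if not corp:
            continue  # this machine holds nothing for the monitored organisation
        personal = [c for c in creds if not is_corporate(c[0], c[1], monitored)]
        corp_passwords = {p for _, _, p in corp}
        report[key] = {
            "corporate_logins": sorted({login for _, login, _ in corp}),
            "personal_services": sorted({urlparse(u).hostname for u, _, _ in personal}),
            "personal_services_sharing_corp_password": sum(p in corp_passwords for _, _, p in personal),
        }
    return report


if __name__ == "__main__":
    for machine, finding in triage(SAMPLE_ROWS, MONITORED_DOMAINS).items():
        print(machine, finding)
```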

This convergence collapses the boundary between personal and professional identity that many security models still assume exists. What may start as a compromise on a personal device can quickly escalate into enterprise-level risk.

Specops Password Policy helps organizations break this link by continuously scanning Active Directory against a database of more than 5.4 billion known-compromised credentials, rather than only checking passwords at creation or reset.
