Hackers Taking Over Accounts at Massive Scale
What We Saw in 2025
Hackers used malware to steal saved passwords, login cookies, and access tokens from people’s computers. This let criminals log in as real users without knowing the password. Many large data leaks were caused by this method.
Source: The Guardian
https://www.theguardian.com/technology/2025/jun/21/internet-users-advised-to-change-passwords-after-16bn-logins-exposed
2026 Outlook
More attacks will happen without passwords at all. Hackers will steal login “sessions” and cloud access keys, especially targeting remote workers and cloud apps like Microsoft 365 and Google Workspace.
Defender Focus
- Use phishing-resistant MFA (hardware keys or passkeys)
- Monitor for stolen login sessions
- Lock down remote access and SaaS apps
- Watch for leaked credentials on the dark web
- Use endpoint protection to detect password-stealing malware
References
- CISA Known Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Guardian breach reporting: https://www.theguardian.com/technology/2025/jun/21/internet-users-advised-to-change-passwords-after-16bn-logins-exposed
Send a Message
An email will be sent to the owner