Data Breach or Infostealer – Don’t Be Fooled by the Lie
Understanding how much your organisation is at risk from stolen login details is the first step in building strong protection.
That old saying, “The greatest trick the devil ever played was convincing the world he doesn’t exist,” feels very true in today’s world of computer security. A new trick is appearing where bad guys say they have broken into company computers, to make people panic and to get attention. But the truth might be less dramatic, with the stolen information coming from something more hidden but less exciting: malware that steals information.
Don’t Believe Everything You Hear
It is very important not to believe everything a bad guy says. Just because someone says a data breach happened does not mean it is true. We are seeing a worrying trend where these bad people are using stolen login details that they got from infostealer malware to make it look like they broke into a whole company network.
Infostealer vs. Data Breach: Know the Difference
Infostealer malware is made to get into single computers and secretly steal important information. This can be things like usernames and passwords saved in internet browsers and password managers, as well as information copied to the clipboard and network settings. While getting infected with an infostealer can be very bad for one computer, it is different from a data breach. A real data breach means that a whole network is broken into, possibly exposing millions of records and putting a whole organisation at risk as the attacker moves around inside the network. Infostealer malware usually just targets single computers.
False Claims in Action: OpenAI and Check Point
Recent examples show this trick in action. In February 2025, a bad guy called “emirking” said they had over 20 million login codes for OpenAI accounts. But when people looked at the stolen information, they found that these logins did not come from OpenAI being broken into. Instead, they came from many different computers that were infected with infostealer malware. This shows how bad guys can put together information from many single infections to make it look like a big breach happened. In fact, in 2024 alone, over three million stolen OpenAI accounts were collected from infostealer programs. Imagine how bad it would look if a bad guy said all of this was one single breach!
Similarly, in April 2025, a bad guy called “CoreInjection” said they had broken into Check Point and stolen information from over 18,000 users. Even though Check Point said this was not true, the bad guy shared some of the user records. When people looked into it, they found that this information was old login details that came from infostealer malware infections, just like the false claims against OpenAI.
Why the Deception? Attention and Profit
So, why would bad guys lie like this? Saying they did a successful data breach gets them more attention and makes them look more important to other bad guys, possible victims, and people who buy stolen data on secret online forums. The idea that a breach is very big can also make the stolen data seem more valuable, so the bad guys can ask for more money. Also, by saying they broke into a whole network, the bad guys can hide where the information really came from – single infected computers – making it harder for the victims to understand what happened and where the attack started. This confusion helps the bad guys.
Be Aware and Take Action
Organisations need to know about this trick and take steps to protect themselves. There are so many infostealer logs floating around on bad online forums that it is easy for bad guys to keep saying “data breach.” This can cause unnecessary panic and maybe lead to quick, bad decisions.
Instead of panicking right away, organisations should focus on making their defences stronger against stolen login details and fixing weaknesses that stolen logins could use. This includes:
- Active monitoring: Keep checking bad online forums for stolen login details related to your organisation. Finding them early lets you act quickly, like changing passwords and stopping access.
- Proactive access management: Have strict rules about who can access what, quickly stop access for people who leave the company, and regularly check who has which permissions.
- Enforcement of Multi-Factor Authentication (MFA): Make everyone use MFA on all accounts, especially those that can access important information and critical systems like VPNs and admin accounts.
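One way to test a claim like the ones described above, and to feed the monitoring step, is to compare the sample a bad guy publishes with infostealer logs the organisation has already collected. This is an added example, not part of the original article; the `url|login|password` line format, the function names and all sample records are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def fingerprint(login, password):
    """Hash login+password so records can be matched without keeping plaintext."""
    return hashlib.sha256(f"{login}\x00{password}".encode()).hexdigest()

def parse_record(line):
    """Parse an assumed 'url|login|password' line; return None if malformed."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3 or not all(parts):
        return None
    url, login, password = parts
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.lower(), login.strip().lower(), password

def triage_claim(claimed_sample, known_stealer_logs, org_domains):
    """Compare a claimed 'breach' sample with infostealer logs already collected."""
    parsed = (parse_record(l) for l in known_stealer_logs)
    known = {fingerprint(r[1], r[2]) for r in parsed if r}
    total = matched = 0
    to_reset = set()
    for line in claimed_sample:
        rec = parse_record(line)
        if rec is None:
            continue  # skip malformed lines instead of guessing at fields
        host, login, password = rec
        total += 1
        matched += fingerprint(login, password) in known
        # Organisation logins and hosts need a reset whatever the record's origin.
        org_login = login.rpartition("@")[2] in org_domains
        org_host = any(host == d or host.endswith("." + d) for d in org_domains)
        if org_login or org_host:
            to_reset.add(login)
    overlap = matched / total if total else 0.0
    return {"records": total, "overlap": overlap, "reset": sorted(to_reset)}

# Constructed sample data, not real credentials.
KNOWN_LOGS = [
    "https://login.example.com/|alice@example.com|Spring2023!",
    "https://mail.example.net/|bob@example.com|hunter2",
]
CLAIMED = [
    "login.example.com|Alice@example.com|Spring2023!",
    "https://login.example.com/|bob@example.com|hunter2",
    "https://login.example.com/|dave@example.com|NewPass9",
    "https://login.example.com/|erin|Pa55word",
    "garbage line",
]
```

A high overlap means the sample largely repeats login details already circulating in infostealer logs; the accounts listed under `reset` still need their passwords changed either way.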
Platforms like Kela offer great threat intelligence, giving useful information about the world of cyber threats, including how common infostealer malware is and the tricks that bad guys use. Cybersecurity experts at CREAPLUS can help your organisation use the power of Kela’s Threat Intelligence Platform and put in place good strategies to reduce the risks from both data breaches and infostealer infections.