Tendvane

← All articles

SecurityJune 30, 2026

1.8 billion passwords were stolen last year — stop letting your browser remember them

Cheap, silent malware called infostealers had a record year: researchers tracked roughly 1.8 billion stolen credentials in 2025 across 5.8 million infected devices — an 800% jump. Stolen logins now turn up in 86% of all breaches.

They are so effective because most people let their web browser save every password. Infostealers are built to open exactly that database — saved logins, autofill data and even active session cookies — and ship it off in seconds, usually with no visible sign at all.

What to do: move your passwords out of the browser and into a dedicated password manager, turn on two-factor authentication everywhere, and where a site offers a passkey, use it — passkeys cannot be phished or copied out of a browser. Then clear the passwords saved in Chrome and Edge so there is nothing left to steal.

Infostealers ride in on pirated software, fake "download" pages and malicious ads, and they hide in your personal folders to run at startup. Tendvane's new Safety check looks in exactly those spots — unsigned programs auto-starting from your AppData or Temp folders, browser extensions you do not recognise, and hosts/proxy tampering — so a stealer that reached the machine has fewer places to hide.

Sources

Download Tendvane