Credential theft and device data exfiltration.
In February 2025, about 23 billion rows of infostealer logs from the ALIEN TXTBASE Telegram channel were processed, containing 284,132,969 unique email addresses along with the passwords used and the websites they were entered into (about 493 million unique website/email pairs, ~1.5TB). The data was captured by infostealer malware on infected devices.
ObscureIQ assessment: Infostealer logs expose every credential typed on a compromised device, so exposure extends across all of a victim’s accounts until passwords are reset and the malware removed.
Because these are live credentials captured by infostealers along with the exact site they were used on, they are highly actionable for account takeover; presence often indicates a device was infected rather than a single site being breached.
ALIEN TXTBASE is a Telegram channel that distributed massive volumes of information-stealer (infostealer) logs; this record is that aggregated stealer-log corpus, not a single-company breach.
Infostealer log datasets usually contain usernames, passwords, browser-stored credentials, cookies, autofill data, device information, IP addresses, installed software details, and other artifacts exfiltrated from infected machines. Their workflows center on malware collection, log packaging, aggregation, and redistribution in bulk.
In February 2025, a government agency alerted researchers to the trove, which was then processed and indexed for search by email and target-website domain.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Malware / Infostealer.
If you believe your information may be included:
In February 2025, about 23 billion rows of infostealer logs from the ALIEN TXTBASE Telegram channel were processed, containing 284,132,969 unique email addresses along with the passwords used and the websites they were entered into (about 493 million unique website/email pairs, ~1.5TB). The data…
Verified fields include Email Address, Password.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation