Aggregated stolen credentials and password pairs.
In May 2024, about 2 billion rows of credential data with 361,468,099 unique email addresses were collated from 518 malicious Telegram channels (1,748 files, ~122GB). The data included email addresses, usernames, passwords, and in many cases the website the credentials were entered into, sourced from a mix of combolists and infostealer malware. About 151 million email addresses had not been seen before.
ObscureIQ assessment: Because much of the data came from infostealers, presence may indicate a device was infected, so exposure can extend to any credential typed on that device, not just one account.
The inclusion of the target website alongside credentials makes this especially useful for precise credential-stuffing and account-takeover attempts; presence indicates credentials are actively circulating for reuse attacks.
This record is an aggregation of credential combolists harvested from malicious Telegram channels rather than a breach of a specific organization.
Telegram-distributed combo lists usually contain email-password or username-password pairs compiled from prior incidents and repackaged for easy sharing in messaging channels. The workflow is not service delivery but redistribution, where credentials are collected, formatted, and circulated in batches for rapid downstream use.
Collated in May 2024 from 518 Telegram channels, the data combined existing combolists with output from information-stealing malware.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Scraping / Collection.
If you believe your information may be included:
In May 2024, about 2 billion rows of credential data with 361,468,099 unique email addresses were collated from 518 malicious Telegram channels (1,748 files, ~122GB). The data included email addresses, usernames, passwords, and in many cases the website the credentials were entered into, sourced…
Verified fields include Email Address, Password, Username.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation