Credential theft and device data exfiltration.
The "Data Troll" stealer-log corpus comprised about 2.7 billion rows containing 109.5 million unique email addresses, along with the passwords used and the websites they were entered into. It was aggregated from many prior infostealer infections rather than a single new breach and drove sensational "16 billion password" coverage in mid-2025.
ObscureIQ assessment: Presence often indicates a device was infected at some point; mitigation is resetting reused passwords, enabling MFA, and ensuring no active infostealer remains.
Live infostealer credentials tied to specific sites are highly actionable for account takeover; much of the corpus is recycled, so presence may reflect older infections.
This record is an aggregated corpus of information-stealer logs distributed under the name "Data Troll," not a breach of a single organization.
Aggregated stealer log corpora collect credentials, cookies, browser histories, device identifiers, wallet artifacts, and system metadata pulled from many infected devices into a centralized archive. The workflow is large-scale ingestion, consolidation, and formatting of exfiltrated endpoint data for search and reuse.
It underlies the June 2025 "16 billion passwords" headlines, which in reality described a compilation of largely repurposed older stealer logs with a smaller portion of new material.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Malware / Infostealer.
If you believe your information may be included:
The "Data Troll" stealer-log corpus comprised about 2.7 billion rows containing 109.5 million unique email addresses, along with the passwords used and the websites they were entered into. It was aggregated from many prior infostealer infections rather than a single new breach and drove sensational…
Verified fields include Email Address, Password.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation