Security 10809 Published by

A security researcher handed Troy Hunt 122 GB of data obtained from numerous Telegram channels. This data contained 1,7k files, 2 billion lines of text, and 361 million distinct email addresses, passwords, and website URLs.

Attackers frequently use the data, also known as "combolists," to launch "credential stuffing" attacks. The data was sourced from 518 different channels and amounted to 1,748 separate files. The largest file, containing tens of millions of rows, appears to be the result of info-stealing malware that obtained credentials from compromised websites. The data was loaded into Have I Been Pwned (HIBP) today, as it contains a large amount of previously unseen email addresses.





Telegram Combolists and 361M Email Addresses

Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to. I've loaded it into Have I Been Pwned (HIBP) today because there's a huge amount of previously unseen email addresses and based on all the checks I've done, it's legitimate data.

Telegram Combolists and 361M Email Addresses