CrownLogCloud Stealer Logs 7M
Jul 7, 2026
A compilation of approximately 7 million credential records harvested by the 'CrownLogCloud' infostealer/credential-harvesting operation, distributed via Telegram (t.me/CROWNLOGCLOUD). The data is formatted as browser-saved credential dumps (URL, Username, Password, Application) captured from Chrome and Edge browsers across multiple victims. Credentials span a wide range of services including Facebook, Netflix, LinkedIn, Microsoft Live, VK, government portals (Ethiopia), and many others. The file contains no single target — it is a multi-victim stealer log compilation.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
7M.txt1 column653,303 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | emailText | high | free-text column with embedded emails (15/195 cells, 8% density) |
Notes: Heuristic auto-detection: header-named PII columns confirmed by data conformance