LinkSort Stealer Log Compilation #26
Jul 7, 2026
A stealer log compilation labeled 'LinkSort #26' containing credential pairs in URL:username:password format. Data spans hundreds of websites including Google, Facebook, Discord, Netflix, Apple, Roblox, and many others. This is not a single-target breach but rather a compiled credential dump sourced from infostealer malware logs, sorted and packaged as a numbered series ('LinkSort'). Contains plaintext passwords and usernames/emails for victims across multiple countries.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
LinkSort_26.txt3 columns999,891 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | contains URLs, app identifiers, IP addresses, and other non-PII identifiers |
| 1 | username | high | contains potential usernames, emails, phone numbers, and other identifiers used for authentication |
| 2 | password | high | contains password hashes, plaintext passwords, and other credential strings |
Notes: This is a compiled infostealer log dataset ('LinkSort #26') containing credential pairs from hundreds of websites including Google, Facebook, Discord, Netflix, Apple, Roblox, etc. The first field often contains URLs, app package names, IP addresses, or other identifiers rather than PII. The second field maps to potential usernames, emails, phone numbers, or other account identifiers. The third field maps to passwords or password hashes.