t.me
Jul 7, 2026
A credential stuffing / infostealer log dump distributed via a Telegram channel. Contains URL:username:password combos harvested from multiple victims across various services including Netflix, Instagram, Roblox, Facebook, Snapchat, Discord, Steam, and others. Data appears to originate from stealer malware logs aggregated and shared on Telegram. No single target company — this is a multi-service credential log compilation.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
URL_1.txt3 columns630,355 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | URLs of login/signup pages for various services; service identifiers, not PII |
| 1 | username | medium | Second field typically contains usernames, email addresses, or numeric IDs depending on service. Mixed format: emails, usernames, phone numbers, and numeric identifiers (IDs, passport numbers). Treated as username/account identifier field. |
| 2 | password | high | Third field contains plaintext passwords or hashes of varying complexity; consistent password patterns across all entries |
Notes: Infostealer credential dump with URL:username/email/ID:password format. Field 1 contains mixed PII (emails, usernames, numeric IDs like DNI/passport numbers, phone numbers). Many entries show service-dependent identifiers—some services accept email, others accept username or numeric ID. No distinct email field; email addresses appear mixed with other identifiers in column 1. Numeric values in column 1 appear to be Argentine DNI/document numbers or phone numbers based on breach context. Some entries contain 'UNKNOWN' placeholder values.