← All datasets

t.me

Jul 7, 2026

630,355
Records
1
Files
Jul 7, 2026
Added

A credential stuffing / infostealer log dump distributed via a Telegram channel. Contains URL:username:password combos harvested from multiple victims across various services including Netflix, Instagram, Roblox, Facebook, Snapchat, Discord, Steam, and others. Data appears to originate from stealer malware logs aggregated and shared on Telegram. No single target company — this is a multi-service credential log compilation.

Data found in this dataset

Usernameskip

Search this dataset

Scoped to this dataset. Fill any combination — results match if any field hits.

Source files

Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.

URL_1.txt
3 columns630,355 rows

File structure

Source columnMapped fieldConfidenceLLM assessment
0skiphighURLs of login/signup pages for various services; service identifiers, not PII
1usernamemediumSecond field typically contains usernames, email addresses, or numeric IDs depending on service. Mixed format: emails, usernames, phone numbers, and numeric identifiers (IDs, passport numbers). Treated as username/account identifier field.
2passwordhighThird field contains plaintext passwords or hashes of varying complexity; consistent password patterns across all entries

Notes: Infostealer credential dump with URL:username/email/ID:password format. Field 1 contains mixed PII (emails, usernames, numeric IDs like DNI/passport numbers, phone numbers). Many entries show service-dependent identifiers—some services accept email, others accept username or numeric ID. No distinct email field; email addresses appear mixed with other identifiers in column 1. Numeric values in column 1 appear to be Argentine DNI/document numbers or phone numbers based on breach context. Some entries contain 'UNKNOWN' placeholder values.