Have I Been Pwned reports that 284 million login credentials have been stolen and sold through the anonymous chat app Telegram.
Data breaches are unfortunately so common that they are hardly noticed anymore, but the extent of this leak is attracting attention. Have I Been Pwned reports that as many as 284,132,969 logins were leaked through a Telegram channel.
Mass theft via Telegram
In February 2025, 23 billion rows of stolen data were discovered on ALIEN TXTBASE, a Telegram channel where cybercriminals trade login credentials. Troy Hunt, founder of Have I Been Pwned, received two files totaling five gigabytes of leaked accounts through a government contact.
Telegram is a popular platform for cybercriminals because of its anonymity and easy distribution of large files. However, Telegram can disclose the IP address and phone number of criminals who violate its terms of use in response to valid legal requests. “It works as shareware,” Hunt says, “so you get a kind of trial version of stolen passwords.” A “demo” of 36 million login credentials is offered for free, while the full data set is behind a pay wall.
Sharing private information is expressly prohibited by Telegram’s terms of use. Moderators, equipped with custom AI and machine learning tools, proactively monitor the public parts of the platform and process notifications to remove millions of malicious content daily.
How does this data get stolen?
Most of the passwords in this archive were captured via malware. Victims download software that contains an infostealer, then their login credentials are intercepted and sold. Often this is done through counterfeit websites that look official.
Want to know if your information is included? Have I Been Pwned offers a quick check after you enter your e-mail. One thing’s for sure: If you use the same password in multiple places, now is the time to change it.
read also