Security News > 2024 > June > 361 million stolen accounts leaked on Telegram added to HIBP
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.
Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel's users to build reputation and subscribers.
The stolen data is usually leaked as username and password combinations, username and passwords along with a URL associated with them, and raw cookies.
According to Hunt, this data is massive, containing 361 million unique email addresses, with 151 million never previously seen by the data breach notification service.
Stolen credentials are usually not shared with a timestamp to indicate when they are stolen.
More recently threat actors stole data from Snowflake databases using what is believed to be compromised credentials stolen using information-stealing malware.