Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Telegram combolists show that we are all hacked

A combolist is a compilation of email addresses and corresponding passwords that have been gathered, often illicitly, from various data breaches, credential stuffing attacks, and other hacking activities

byKerem Gülen
June 4, 2024
in Cybersecurity

Telegram combolists have unveiled a staggering data breach, revealing that millions of accounts have been compromised.

A massive collection of 361 million email addresses, sourced from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches, has been added to the Have I Been Pwned data breach notification service. This addition enables individuals to check if their accounts have been compromised through the use of Telegram combolists.

What are Telegram combolists?

Cybersecurity experts gathered these credentials from various Telegram cybercrime channels, where such stolen data is frequently leaked to enhance the reputation and subscriber count of the channels.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The leaked data typically consists of username and password combinations (often stolen via credential stuffing attacks or data breaches), usernames and passwords along with associated URLs (exfiltrated via password-stealing malware), and raw cookies (also stolen via password-stealing malware).

The researchers shared 122 GB of credentials with Troy Hunt, the founder of Have I Been Pwned, sourced from numerous Telegram channels.

According to Hunt, this dataset is extensive, encompassing 361 million unique email addresses, with 151 million of these never previously seen by the data breach notification service.

“It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to,” stated Hunt.

Telegram, a widely-used messaging platform, facilitates the creation of “channels” where users can share information with visitors easily. Described by Telegram as a simple, private, and secure service, it has gained popularity among those wishing to share content anonymously, including data breach information. Many of the breaches previously uploaded to Have I Been Pwned have been disseminated via Telegram, as it provides an effortless means to publish this type of data.

What is a combolist?

A combolist is a compilation of email addresses and corresponding passwords that have been gathered, often illicitly, from various data breaches, credential stuffing attacks, and other hacking activities. These lists are typically used by cybercriminals to attempt to access accounts by trying these combinations across multiple services.

Below is an example of how data posted to Telegram typically appears:

telegram combolists
(Image credit)

These are known as “combolists,” which are combinations of email addresses or usernames paired with passwords. These combinations are crucial for authenticating access to various services, and attackers frequently use them to conduct “credential stuffing” attacks, where they attempt to access multiple accounts en masse using the lists. The example provided above breaks the combos down by their respective email service providers. For instance, the last example from Gmail includes over a quarter of a million rows formatted like this:

telegram combolists
(Image credit)

This is just one example among numerous files spread across various Telegram channels. The data forwarded to me last week originated from 518 different channels and comprised 1,748 separate files similar to the one above. While some files contained no data (0kb), others were several gigabytes in size with tens of millions of rows. For instance, the largest file begins as follows:

This appears to be the result of info stealer malware, which captures credentials as they are entered into websites on compromised devices. For instance, the initial record seems to have been intercepted when an individual attempted to log in to Nike. To gauge the accuracy of this data, simply visit the Nike homepage and click on the login link, which will display the following screen:

telegram combolists
(Image credit)

By examining the login screen, one can infer the validity of the captured credentials, as the data matches the format of typical login attempts. This method provides a straightforward way to verify the integrity and relevance of the leaked information found in Telegram combolists.

Is this a Telegram data breach we are witnessing in 2024?

Yes, it is, but Telegram is not responsible for that. Telegram itself hasn’t been breached. Instead, Telegram is being used as a channel by cybercriminals to share and distribute stolen data. This data, which includes email addresses and passwords, comes from various sources like password-stealing malware, credential stuffing attacks, and other data breaches. Cybersecurity experts have gathered this data from numerous Telegram channels to add to Have I Been Pwned, allowing people to check if their accounts are compromised.

How to delete your Telegram account?

Deleting your Telegram account won’t help with the security issue at hand since the breach involves data shared on the platform, not Telegram itself.

However, if you still wish to delete your Telegram account, here’s how you can do it:

  • Open the Telegram deactivation page: Visit my.telegram.org/auth from your browser.
  • Log in: Enter the phone number associated with your Telegram account.
  • Confirmation code: You will receive a confirmation code via Telegram. Enter this code on the website.
  • Delete account: After logging in, select the option “Delete Account” and follow the prompts to permanently remove your account

Editor’s note: I visited the Have I Been Pwned site and checked my personal email. To my surprise, it turned out that my email was also compromised.

You can see the result in the image below:

telegram combolists
Screenshot taken from Have I Been Pwned

Featured image credit: Kerem Gülen/Midjourney

Tags: FeaturedTelegram

Related Posts

Shinyhunters extorts Red Hat over stolen CER data

Shinyhunters extorts Red Hat over stolen CER data

October 7, 2025
CPAP breach exposes data of 90k military members

CPAP breach exposes data of 90k military members

October 7, 2025
Fight for the Future launches campaign to protect VPN access

Fight for the Future launches campaign to protect VPN access

October 6, 2025
Yubico survey: 62% of Gen Z engaged with phishing scams

Yubico survey: 62% of Gen Z engaged with phishing scams

October 6, 2025
High-resolution computer mice can listen to conversations through desk vibrations

High-resolution computer mice can listen to conversations through desk vibrations

October 6, 2025
Could CTEM have prevented the Oracle Cloud breach?

Could CTEM have prevented the Oracle Cloud breach?

October 5, 2025

LATEST NEWS

AT&T launches nationwide 5G Standalone network

EU announces its new AI plan with a €1B budget

Google just accidentally revealed a new Docs AI feature for Android

Sora’s invite-only launch was almost as big as ChatGPT’s public one

That ultra-rugged Nokia phone is reportedly making a modern comeback

New WhatsApp interface is appearing for a select few on iOS

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.