Monday , June 2 2025
computer

361 Million Unique Email Credentials Leaked On Telegram

A big data breach was found with a combolist containing 122GB of data containing 361 million unique email addresses taken from thousands of Telegram channels.

The dataset contains passwords and websites linked to them. It reveals a lot of new data that has been added to the breach alert service called Have I Been Pwned (HIBP).

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to...
Read More
CVE-2023-39780  Botnet hacks thousands of ASUS routers

Bangladesh Bank instructed using AI to prevent online gambling

The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central...
Read More
Bangladesh Bank instructed using AI to prevent online gambling

251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May...
Read More
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch

Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets

Recent security research has shown that attackers can weaken zero-trust security frameworks by exploiting a key DNS vulnerability, disrupting automated...
Read More
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets

Troy Hunt reported a discovery last week made by an anonymous researcher. The dataset includes 151 million email addresses not previously listed in the service, with 2 billion lines in 1,748 files. This shows that Telegram is widely used for sharing sensitive and illicit data.

Telegram is a messaging platform that offers privacy features. It lets users create channels to share information anonymously. Some people use this feature to distribute data from breaches. These data collections, also known as “combolists,” contain combinations of email addresses or usernames with passwords. These combolists are used in attacks to gain unauthorized access to accounts.

Data sent to Hunt came from 518 Telegram channels and had different sizes. Some files were very large, with millions of rows. The biggest files seemed to be a result of info stealer malware. This malware captured login information when people entered it on compromised computers. Hunt made sure the data was real by contacting HIBP subscribers and confirming that the stolen login information was accurate.

Responses from subscribers varied when contacted. Some recognized old passwords that had been used before, while others confirmed new and previously unseen data. For instance, one subscriber recognized passwords that had been used for different services over the past five years, and another identified credentials related to their daughter’s old Epic Games account. These verifications highlight the legitimacy of the data and the continued risk of credential theft.

Credential stuffing attacks use these combolists to access large numbers of accounts, which is a major threat to users. Various websites, such as Nike, Footlocker, and an Italian tire retailer, have confirmed that the stolen data includes email addresses, showing that many users are affected.

Given the severity of this breach, users are advised to take immediate action to secure their accounts:
Create new and unique passwords for all accounts.
Use a reliable password manager to create and save strong passwords.
Use two-factor authentication (2FA) whenever you can.
Check your accounts regularly for any unusual activity and turn on alerts for any unauthorized access attempts.
Update all your devices with the latest security patches.

Check Also

184 Million

184 Million Leaked Credentials Discovered in Open Database

Security researchers have discovered a database with 184 million account credentials, highlighting the need to …

Leave a Reply

Your email address will not be published. Required fields are marked *