Have I Been Pwned (HIBP), the leading data breach monitoring service, has significantly expanded its database with the addition of over 284 million compromised accounts discovered in infostealer logs distributed through Telegram channels. This massive update represents one of the most substantial additions to the platform’s repository of compromised credentials.
Unprecedented Scale of Compromised Data Analysis
The newly processed dataset, originating from the ALIEN TXTBASE Telegram channel, comprises 1.5 terabytes of data containing 23 billion records and 493 million unique combinations of websites and email addresses. Exactly 284,132,969 compromised accounts were identified during the analysis — credentials stolen by infostealers and subsequently traded in Telegram-based criminal marketplaces.
284 Million Accounts from Telegram Credential Leaks Now in HIBP
Anyone whose email address and password combination was captured by an infostealer malware infection — typically through phishing, trojanized software, or malicious browser extensions — may be included in this dataset. The data spans hundreds of services, meaning users of banking portals, email providers, social networks, and e-commerce platforms could all be affected. The presence of credentials in this dataset does not necessarily mean a service was breached; in most cases the user’s own device was compromised by malware.
Substantial Enhancement to Password Security Database
The integration of this new dataset has resulted in a remarkable expansion of HIBP’s Pwned Passwords database, with the addition of 244 million previously unrecorded passwords. Furthermore, the service has updated information for 199 million existing password entries, providing fresh insights into password compromise patterns and frequency of occurrence.
Advanced Verification Protocols and Data Access
Before integration into the HIBP database, the dataset underwent rigorous verification procedures. The verification process included practical testing of password reset capabilities across various services using email addresses from the discovered dataset, confirming the authenticity of the compromised credentials.
Enterprise-Level Monitoring Capabilities
HIBP has implemented enhanced API access features allowing organizations to perform up to 1,000 email address checks per minute. Domain owners and website administrators with active subscriptions can now efficiently monitor and identify compromised user accounts within their systems, enabling rapid response to potential security threats.
What to Do If Your Data Was Exposed
- Check your email address at haveibeenpwned.com immediately to see if it appears in this or any other breach dataset
- Change passwords on any service where you reused the compromised password — especially banking, email, and cloud storage accounts
- Enable two-factor authentication (2FA) on all critical accounts; infostealer-stolen credentials paired with 2FA are significantly harder to exploit
- Run a full antivirus and anti-malware scan on devices that may have been infected by an infostealer
- If you are a domain administrator, use the HIBP domain search or API to identify compromised accounts among your users and force password resets
The service maintains strict privacy protocols by limiting detailed breach information access to its notification system, protecting users from potential exposure of sensitive service usage. This update follows HIBP’s strategic initiative to incorporate data from Telegram channels, building upon a previous addition of 361 million compromised email addresses from a similar source.
