What happened
According to public breach records, the Combolists Posted to Telegram data breach on May 28, 2024 is reported to have exposed the personal information of 361,468,099 accounts.
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have been sourced from a combination of existing combolists and info stealer malware.
In late May/early June 2024, a security researcher provided Troy Hunt (Have I Been Pwned) with 122GB of credential data scraped from roughly 518 malicious Telegram channels, spanning about 1,700 files and 2 billion rows containing 361 million unique email addresses paired with passwords, usernames, and often the website each credential was entered into. Telegram itself was not breached; criminals used the platform's public channels to distribute the data, which appears to have been compiled from pre-existing combolists and from infostealer malware that harvested logins as victims typed them into sites on compromised machines. It was notable because 151 million of the email addresses had never appeared in Have I Been Pwned before, and Hunt verified authenticity by contacting subscribers who confirmed the leaked passwords and sites were accurate.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Combolists Posted to Telegram |
| Date | May 28, 2024 |
| Accounts affected | 361,468,099 |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Combolists Posted to Telegram; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change the password on any account whose email appears in the dataset, and never reuse that password across sites — combolists are weaponized for credential-stuffing attacks.
- Enable two-factor authentication (preferably an authenticator app or hardware key) on email, banking, and other high-value accounts so a leaked password alone cannot grant access.
- Use a password manager to generate a unique credential per site, since this data pairs emails with the exact websites where passwords were used.
- Because much of this data came from infostealer malware on compromised devices, run a reputable malware scan and watch for phishing or extortion emails that reference your real credentials.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Troy Hunt: Telegram Combolists and 361M Email Addresses
- Have I Been Pwned: Combolists Posted to Telegram
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →