More than 361 million unique user email addresses were leaked from various Telegram channels, 151 million of which had never been seen online before – Written by Troy Huntthe Have You Been Pwned (HIBP) The cybersecurity expert is behind it. HIBP is a website where anyone can check whether their email address has been leaked or not.
In addition to emails, there are also users' passwords, as well as, in many cases, the pages where these pairs are used. Hunt tested several email addresses to see if there was actually a user associated with them on the specific pages, and came to the conclusion that real data had been leaked. This does not mean that there was a major data leak at a particular site or company, in most cases the data was extracted using phishing and spyware methods.
Do not access accounts using the passwords provided, as this is considered unauthorized access. But on many sites, simply entering an email address is enough to make it look like the user belongs there.
For example, one file looked like this. Lots of rows of email addresses in Gmail, with their passwords next to them – Source: Troy Hunt
There are a whopping 122 pieces of data in total, which may not seem like a lot at first, but in many cases, these are text files that typically take up relatively little space. There are more than 1,700 files containing 2 billion lines of information (one line is usually the page title, email address and password for the user account there). It was extracted from hundreds of Telegram channels by a cybersecurity expert before being sent to Hunt.
On his blog, Hunt shows in detail, with pictures, exactly how he verified that the leaked data was real, and also writes about his followers' reaction when he informed them that their login data had been leaked. The expert recommends everyone use an antivirus program (such as Windows Defender), use unique passwords and a password manager, and turn on two-step authentication wherever possible.
