What Happened
In February 2025, specifically around February 15, the “ALIEN TXTBASE 23B” data breach involved the public release of over 23 billion rows of stealer logs—credentials harvested by malware from infected devices—originally compiled and distributed via a Telegram channel called ALIEN TXTBASE, which served as a hub for cybercriminals to share or sell the data. This massive 1.5TB dataset exposed approximately 284 million unique email addresses, along with associated cleartext passwords, usernames, website URLs where credentials were entered, and phone numbers, affecting potentially countless accounts due to password reuse; it was indexed on Have I Been Pwned by February 25, enabling searches by email or website domain. While some logs contained authentic recent malware thefts, analysis revealed a mix of real data, recycled credentials from prior leaks (e.g., 2020 combolists), artificially generated or non-existent emails, and formatting errors, tempering claims of it being a purely novel threat. No single company was targeted; instead, it aggregated logs from widespread infections via methods like pirated software downloads.
