ALIEN TXTBASE Stealer Logs Breach

​In February 2025, our team embarked on an in-depth analysis of the ALIEN TXTBASE Telegram channel, a known hub for disseminating information-stealer logs. Over the course of this operation, we successfully collected and examined approximately 620 million rows of data shared through this channel. This dataset encompasses a vast array of compromised credentials, including email addresses, passwords, and associated website information.​

ALIEN TXTBASE is recognized for distributing URL:username:password (ULP) combo lists, which are large compilations of credentials typically derived from infostealer malware logs. These logs are generated when malware infects a device and extracts sensitive information stored in browsers, such as login credentials, cookies, and saved credit card details. The data is then aggregated and shared on platforms like Telegram, making it accessible to a wide audience of cybercriminals.

Our analysis revealed that the dataset contained a significant number of unique email addresses and password combinations. While some of the data appeared to be recycled from previous breaches, a substantial portion was new, indicating ongoing and active infostealer campaigns. The presence of plaintext passwords and associated website information poses a considerable risk, as it facilitates credential stuffing attacks, where attackers use these credentials to gain unauthorized access to user accounts across various platforms.​