Skip to the content.

DIVD-2021-00015 - Telegram OD

Our reference DIVD-2021-00015
Case lead Victor Gevers
  • n/a
Product n/a
Versions n/a
Recommendation Change your passwords, check if credentials have been abused, check your computer and consider reinstalling it, make sure your antivirus is up to date...
Status Open
Last modified 20 Jun 2022 07:35


During an investigation into vendors who sell stolen credentials, one of our researchers has discovered a Telegram group full of usernames and passwords that criminals have stolen from their victims’ systems or by hacking into these companies and websites and services. Because this is an open Telegram group, we managed to extract the stolen data to notify the victims.

What you can do

Change your passwords

The username-password combinations from the list below are no longer safe to use. It would be best if you changed these passwords on every site you use them. We know that is a lot of work, but criminals often try out username and password combinations on other sites as well; this is known as credential stuffing.

Check if the passwords have been abused

Check if the password has been abused between the date they were stolen and now. E.g., for ordering products or services in your name.

Check your computer and consider reinstalling it

These passwords were stolen using a virus or other type of malicious program. Or, to put it more plainly: the computer these passwords were stolen from was hacked. If you still use the same computer as you were on the day the passwords were stolen, we recommend that you get it reinstalled.

Make sure your antivirus is up to date.

Your data was stolen with a virus or another type of malicious software. Using an up-to-date antivirus program helps to protect you from future threats.

Start using a password manager and unique passwords per site

When you store passwords in your browser, a hacker that has compromised your computer can easily access them. This is what has happened in this case as well. Password managers like 1Password, Dashlane, Robopass, KeePass, LastPass, etc., are much harder to crack. Additionally, they allow you to use a unique password for each site. People often use the same few passwords for many different sites. This means that if such a site or your computer gets compromised, that password has to be changed on multiple sites at the same time. Using a unique password for each site makes the life of these criminals harder and means you do not have to change this many passwords if this ever happens again.

Subscribe to and

These two projects keep track of databases with stolen and leaked credentials and send out a warning to you in case your data turns up in one.

What we are doing

The database we discovered contained millions of username-password combinations. We are processing the data. After this, we start notifying the people and organizations which are affected by this data leak.


Date Description
10 Jun 2021 DIVD Researcher finds the stolen credentials.
12 Jun 2021 DIVD starts processing this data and starts with the victim notification process.
gantt title DIVD-2021-00015 - Telegram OD dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2021-00015 - Telegram OD (still open) :2021-06-10, 2022-08-17 section Events DIVD Researcher finds the stolen credentials. : milestone, 2021-06-10, 0d DIVD starts processing this data and starts with the victim notification process. : milestone, 2021-06-12, 0d