The Basediller Combolist Dropped in July 2024. The 575,660 Credentials Are Still Out There.

HEROIC analysts flagged a large combolist file uploaded to Telegram in July 2024 under the name Basediller URL-Log-Pass 90. The file exposed 575,660 records, each containing an email address or username, a plaintext password, and the URL of the site where those credentials were registered. Combolists of this size are aggregated from multiple sources, including prior data breaches, stealer logs, and credential sharing communities, then compiled into a single file structured for use in automated account takeover attacks.

Why a Half-Million-Record Combolist Puts Accounts at Immediate Risk

At 575,660 records, the Basediller URL-Log-Pass 90 file gives attackers a ready-made toolkit for credential stuffing. The URL field tells attackers exactly where each set of credentials was used, eliminating the guesswork that normally slows down unauthorized login attempts. With plaintext passwords included, no decryption or cracking is required before testing. Automated tools can cycle through all 575,660 combinations across targeted platforms within hours, flagging successful logins for manual exploitation. Banking portals, email accounts, and subscription services are all common targets in campaigns powered by files like this one.

What Was Exposed in This Leak

• Email Addresses
• Plaintext Passwords
• URLs (the specific services and sites associated with each credential)

Why This Matters for Identity Theft and Financial Fraud

Combolist data feeds some of the most damaging forms of online fraud. When attackers successfully log into an email account using stolen credentials, they often find linked financial accounts, password reset emails, and personal documents. From a single working login, an attacker can pivot to banking platforms, social media accounts, and business tools. Victims frequently do not discover the intrusion until unauthorized charges appear, accounts are locked after password changes by attackers, or personal information surfaces in subsequent scams targeting them.

How Combolists Like Basediller Are Built and Used

A combolist is not produced by a single hack. It is assembled from many sources: previous data breaches where credentials were leaked, stealer log dumps collected from malware campaigns, and trading channels where criminals share and sell credential files. The Basediller label identifies the distributor or curator of this particular collection, which is labeled as number 90, indicating this is one of many sequential releases in an ongoing series. The URL-Log-Pass format specifies the structure: each entry includes the target URL, the login credential, and the password. This precise format is designed for compatibility with credential stuffing tools that accept URL-paired data. The scale of 575,660 records signals that this file drew from a substantial archive of previously compromised data.

Check If Your Credentials Are in the Basediller Archive

HEROIC monitors combolist releases on Telegram and dark web credential markets as part of a database exceeding 400 billion exposed records. If your email address or login credentials appeared in the Basediller URL-Log-Pass 90 file, our free breach scanner will identify it. Use HEROIC's breach lookup tool to search your email now and find out which data collections include your information.