We're seeing an uptick in breaches targeting niche online communities, often with a cultural or regional focus. These smaller sites frequently lack the robust security infrastructure of larger platforms, making them attractive targets. Our team discovered a recent leak impacting **MaReads**, a Thai-language platform for fiction and comics. What really struck us wasn't the size of the breach—**74,827** records—but the combination of personal data points exposed, including phone numbers and birthdays, increasing the risk of targeted social engineering attacks against this specific user base. The data had been circulating quietly on an underground forum, but we noticed increased chatter around it in Thai-language Telegram groups, indicating active exploitation.

MaReads Breach: 74k User Records Exposed on Underground Forum

The **MaReads** breach, surfacing in late **June 2025**, involved a compromised database containing sensitive user information. The leak was discovered on a relatively obscure underground forum known for hosting data dumps from smaller websites. The combination of email addresses, usernames, phone numbers, and birthdays within a relatively small, culturally specific user base caught our attention. This type of data is highly valuable for identity theft and targeted phishing campaigns, particularly within the Thai-speaking community. This breach underscores the growing trend of attackers targeting smaller, regional platforms as a stepping stone to larger-scale attacks or for specific, localized scams.

Breach Stats:

* Total records exposed: **74,827**
* Types of data included: **Email Address, Username, Phone Number, Birthday**
* Sensitive content types: **PII**
* Source structure: **Database**
* Leak location(s): **Underground forum**
* Date of first appearance: **28-Jun-2025**

The breach was first reported on several Thai-language tech news sites, which highlighted the potential risks to users. Discussions on local online forums indicated concern among **MaReads** users, with some reporting an increase in suspicious SMS messages and unsolicited calls. The leaked data also appeared briefly on a Telegram channel known for aggregating breached databases, with one post claiming the data could be used to "verify identities and target specific demographics" for scams. This aligns with broader observations of cybercriminals increasingly focusing on data enrichment and targeted attacks, leveraging seemingly small breaches to build comprehensive profiles of individuals.

Email · Address · Username · Phone · Number · Birthday

We've been tracking a steady increase in the volume of stealer logs appearing on Telegram channels over the past quarter, but the sheer scale and content of a recent leak caught our attention. It wasn't just the number of records—over **8 million** unique email addresses—but the inclusion of plaintext passwords and homepage URLs that suggested a serious lapse in security practices. The data had been circulating quietly, packaged within a larger stealer log, but we noticed a specific pattern pointing back to a single source: **MaReads**.

MaReads Breach: 8 Million Records Exposed Via Telegram Stealer Log

A stealer log titled **@TXTLOG_ALIEN - 693.txt**, containing approximately **51.1 million** lines of data, was disseminated on a Telegram channel on **January 19, 2025**. Upon analysis, this log revealed a breach originating from **MaReads**, a website, exposing **8,064,258** unique email addresses, plaintext passwords, and homepage URLs. The breach highlights the persistent risk posed by compromised systems and the ease with which sensitive data can be exfiltrated and distributed via readily accessible platforms. The storage of passwords in plaintext is a particularly egregious security failure, making this breach significantly more damaging.

Breach Stats:

* Total records exposed: **8,064,258**
* Types of data included: **Email Addresses, Plaintext Passwords, Homepage URLs**
* Sensitive content types: **Potentially PII via homepage URLs**
* Source structure: **Contained within a larger TXT log file**
* Leak location: **Telegram channel (@TXTLOG_ALIEN - 693.txt)**
* Date of first appearance: **January 19, 2025**

The appearance of this data within a larger stealer log underscores a common pattern: attackers often bundle data from multiple sources to maximize its value. This tactic, discussed in a recent report by **Recorded Future**, allows them to target a wider range of victims and increase the likelihood of successful credential stuffing attacks. The fact that the passwords were stored in plaintext suggests a fundamental flaw in MaReads' security architecture, a practice that has been widely condemned by security experts for years. This kind of failure is often seen in older or poorly maintained systems.

Email · Address · Homepage · Url · Plaintext · Password