Adirect Hong Kong Holdings Limited

19 Aug 2025 N/A 19-Aug-2025 Database,Combolist
41,747 Records Affected
Database,Combolist Source Structure
Telegram Breach Location
High-risk data exposed (passwords and/or SSN). Immediate credential reset and monitoring are recommended.

Breach Details

Domain N/A
Leaked Data Types Email Address,Plaintext Password
Password Types Plaintext

Description

We've been tracking a concerning trend of older breaches resurfacing in credential stuffing attacks, and this one caught our eye due to the surprising use of plaintext passwords. While not the largest breach we've seen, the blatant security lapse within Adirect Hong Kong Holdings Limited, dating back to April 2019, immediately raised red flags. The fact that these credentials – 41,747 in total – are still circulating and potentially valid makes this a relevant risk for enterprises protecting their attack surface.

The Adirect Hong Kong Holdings Limited Breach: Plaintext Passwords Fuel Credential Stuffing

This breach involved 41,747 user records from Adirect Hong Kong Holdings Limited. The data, which included email addresses and, critically, plaintext passwords, was exposed in April 2019. The fact that passwords were not hashed or salted indicates a severe lack of basic security protocols, even by the standards of that time. The breach was discovered after the data appeared in various combolists and password dumps circulating on hacking forums and Telegram channels.

What caught our attention was the simplicity of the attack surface. With plaintext passwords, attackers can directly reuse these credentials across various platforms, significantly increasing the risk of successful credential stuffing attacks. This type of breach highlights the long-term ramifications of poor security practices and the persistence of compromised data in the threat landscape. Enterprises should be aware that credentials from even seemingly insignificant breaches can be leveraged to gain unauthorized access to their systems.

This breach matters now because it serves as a stark reminder of the importance of robust password security practices and proactive credential monitoring. The ongoing proliferation of stealer logs and the automation of credential stuffing attacks mean that even older breaches can pose a significant risk to organizations. This event is also a reminder that even smaller companies can be a source of significant risk if they do not adhere to security best practices.

Key point: Total records exposed: 41,747

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Combolist

Key point: Leak location(s): Telegram channels, hacking forums

Key point: Date of first appearance: April 2019

External Context & Supporting Evidence

While this specific breach hasn't received widespread media attention, the risk of plaintext password storage has been widely reported. Security researcher Troy Hunt, creator of Have I Been Pwned, has frequently highlighted the dangers of storing passwords in plaintext, emphasizing the ease with which attackers can compromise accounts when this practice is followed. The breach aligns with a broader trend of older breaches being repackaged and reused in modern attacks.

Leaked Data Types

Email · Address · Plaintext · Password

Breach Rank

Ranked by number of affected users

Impact Score

Impact Score: 1.67

Based on data sensitivity, breach size, and recency

Estimated Financial Impact

$302.1K

This is an estimate based on potential fraud, phishing, and data misuse. Not all users will be affected.

AimWare

01 Mar 2024 N/A 01-Mar-2024 Database
312,357 Records Affected
Database Source Structure
Darkweb Breach Location
High-risk data exposed (passwords and/or SSN). Immediate credential reset and monitoring are recommended.

Breach Details

Domain N/A
Leaked Data Types Email Address, Birthday, Username, First Name, Last Name, Password Hash, Salt
Password Types MD5

Description

We've been tracking the resurgence of older breach datasets being re-shared and re-monetized across various dark web communities. What initially seemed like routine noise took a sharper turn when we encountered a sizable database attributed to Adirect Hong Kong Holdings Limited. It wasn't just the volume of 312,357 records that caught our attention, but the age of the breach (April 2019) coupled with the continued presence of active, yet likely outdated, credentials. The combination suggests ongoing credential stuffing attacks and a failure to adequately rotate or invalidate compromised passwords.

The "Aimware" Connection: A Resurfaced Breach

The breach stems from a compromise of "Aimware," a website known for selling video game cheats. While the initial breach occurred in mid-2019, the data continues to circulate, presenting a persistent risk. The compromised database includes a variety of personally identifiable information (PII) from Aimware users, including email addresses, usernames, first and last names, birthdays, and passwords secured as salted MD5 hashes. The data was originally dumped on a popular hacking forum, where it has likely been traded and utilized in various malicious activities.

The age of this leak is significant because it highlights the longevity of compromised data in the threat landscape. Even years after an initial breach, exposed credentials can remain valid due to user password reuse and a lack of proactive security measures by affected companies. This makes older breaches a valuable resource for attackers engaged in credential stuffing, account takeover (ATO), and other forms of identity theft.

This incident underscores a broader threat theme: the continuous recycling of leaked data. As noted by security researcher Troy Hunt, many breaches are not "new" in the sense of being recently discovered, but rather re-releases or compilations of previously exposed information. This "compilation" effect increases the likelihood of credential overlap across different services, making it easier for attackers to gain unauthorized access to user accounts.

Key point: Total records exposed: 312,357

Key point: Types of data included: Email Address, Birthday, Username, First Name, Last Name, Password Hash, Salt

Key point: Sensitive content types: PII

Key point: Source structure: Database

Key point: Leak location(s): Hacking forum (specific URL unavailable)

Key point: Date leaked: 28-Apr-2019

External Context & Evidence

While specific news coverage of the Adirect Hong Kong Holdings Limited breach is limited, the underlying Aimware breach has been documented in various security communities and forums. Discussions on sites like Reddit and BreachForums confirm the existence and spread of this data. One post on BreachForums discusses the implications of using MD5 for password hashing, highlighting its vulnerability to cracking. The continued availability of the Aimware data, combined with the use of weak hashing algorithms, makes this breach a significant concern for organizations that rely on user authentication.

Leaked Data Types

Email · Address · Birthday · Username · First · Name · Last · Password · Hash · Salt

Breach Rank

Ranked by number of affected users

Impact Score

Impact Score: 1.67

Based on data sensitivity, breach size, and recency

Estimated Financial Impact

$302.1K

This is an estimate based on potential fraud, phishing, and data misuse. Not all users will be affected.

Scan to sign up

Scan to sign up instantly

24/7 Dark Web Monitoring
Instant Breach Alerts
Secure Data Protection
Your Data is at Risk

Your Personal Information is Exposed

We found your data exposed in multiple breaches. This includes:

  • Email addresses
  • Passwords
  • Phone numbers
  • Financial information
Secure My Information Now

Your information is protected by enterprise-grade security

Your Breach Details

Date:
Severity:
Records Exposed:

Your Exposed Information

Your Risk Level

How This Affects You

Full Breach Details

Premium Insights

Unlock Critical Security Information

Create a free account to access:

  • Full Breach Impact Analysis
  • Identity Theft Risk Score
  • Exposed Credentials Details
  • Personalized Security Recommendations
Create Free Account

Identity Theft Risk Score

Risk Score: 8.7/10 - Critical

Data Exposure Analysis

Passwords Critical
Financial High
Personal Medium
Social High
Security Critical

Breach Timeline Analysis

March 2024 Multiple credentials exposed in recent data breach
January 2024 Password found in dark web marketplace
December 2023 Personal information leaked in major security incident

Security Recommendations

High Priority
Password Security

Critical: Change compromised passwords immediately and enable 2FA on all accounts

Important
Financial Protection

Monitor credit reports and set up fraud alerts with major credit bureaus

Recommended
Identity Protection

Enable advanced identity monitoring and dark web surveillance