AllMyFavorites.net

We've observed a concerning trend of older breaches resurfacing, often weaponized in credential stuffing attacks or used to enrich existing intelligence on threat actors. What really struck us about the recent reappearance of the AllMyFavorites.net data wasn't the scale—just over 42,000 accounts—but the continued presence of plaintext passwords from a 2017 breach. This highlights the enduring risk posed by older, seemingly forgotten data leaks and the persistent failure of some services to implement basic security measures.

The AllMyFavorites.net Breach: Plaintext Passwords from a Bygone Era

In late November 2017, AllMyFavorites.net, a now-defunct online bookmark management service, suffered a data breach. The exposed data, containing over 42,000 unique email addresses and plaintext passwords, recently resurfaced on a popular hacking forum. The breach initially caught our attention due to the age of the data and the continued use of plaintext storage, a practice long considered unacceptable in modern web development. The fact that this data is still circulating and potentially being used in attacks underscores the importance of proactive password resets and the long-tail risk associated with legacy data breaches.

The re-emergence of this breach is particularly concerning for enterprises because it demonstrates the potential for old credentials to be used in attacks against employees who may have reused those passwords on corporate accounts. It also highlights the need for continuous monitoring of threat intelligence feeds for compromised credentials related to employee email addresses.

Breach Stats

Key point: Total records exposed: 42,504

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Unknown, but likely a database dump or export.

Key point: Leak location(s): Prominent hacking forum.

Key point: Date of first appearance: November 23, 2017 (initial breach); recently resurfaced.

External Context & Supporting Evidence

While there was limited mainstream media coverage of the AllMyFavorites.net breach when it initially occurred, the incident was documented on breach notification sites like HaveIBeenPwned (HIBP). The re-emergence of the data on hacking forums suggests a continued interest in exploiting these credentials. Security researchers have repeatedly warned against the dangers of plaintext password storage, yet breaches like this continue to surface, demonstrating a persistent gap in security awareness and implementation. The HIBP entry can be found here.

Email · Address · Plaintext · Password