We've been tracking a resurgence of older data breaches surfacing on underground forums, often repackaged and sold as "new" leads. What really struck us wasn't the scale of these dumps, but the continued presence of plaintext passwords, a practice that should be extinct by now. The latest instance involves a breach at Bogue Asset Management dating back to October 2017. While the breach itself isn't new, its reappearance and the inclusion of sensitive data in plaintext demand immediate attention. The data had been circulating quietly, but we noticed a recent uptick in chatter and the repackaging of the information on a prominent hacking forum.
The Bogue Asset Management breach, initially occurring in October 2017, has resurfaced, exposing 16,932 user records. The compromised data includes email addresses and, critically, plaintext passwords. The breach was discovered after the dataset was posted on a well-known hacking forum, sparking renewed interest and potential exploitation. The inclusion of plaintext passwords is particularly concerning, as it allows for trivial account takeover and credential stuffing attacks across other platforms. This incident underscores the enduring risk posed by poor data security practices, even years after the initial compromise. It highlights how older breaches can be weaponized in subsequent attacks, especially when basic security measures like password hashing are absent.
Key point: Total records exposed: 16,932
Key point: Types of data included: Email Addresses, Plaintext Passwords
Key point: Source structure: Database
Key point: Leak location: Prominent hacking forum
Key point: Date of first appearance: 12-Oct-2017
The re-emergence of this breach aligns with a broader trend of older datasets being recycled and traded within cybercriminal communities. The practice of posting such data on hacking forums serves multiple purposes: establishing reputation, facilitating credential stuffing attacks, and enabling further exploitation. The lack of password hashing, as seen in the Bogue Asset Management case, is a recurring theme in older breaches, making them particularly attractive to attackers. The fact that this data is still valuable years later reinforces the need for organizations to proactively monitor for compromised credentials and implement robust password security measures.