1.7 Million Email Addresses From the CCIDNET Breach Include IP Addresses and Password Hashes

HEROIC analysts uncovered the CCIDNET database breach, which exposed 1,758,466 user records in May 2020. The Chinese IT media platform leak included email addresses, usernames, IP addresses, salted MD5 password hashes, and the salt values themselves. Exposing both the hash and the salt is partcularly damaging because it eliminates one of the key protections that salting is meant to provide, leaving credentials accessable to focused cracking efforts.

Exposed IP Addresses Combined With Credentials Enable Targeted Network Attacks

The CCIDNET breach did not just leak email addresses and passwords. It included IP addresses in plain text, which means attackers can directly link a person's account credentials to a known network location. This combination allows for targeted intrusion attempts, not just generic credential stuffing. An attacker who recieved this dataset could identify specific corporate or institutional IP ranges and prioritize accounts registered from those addresses for follow-on phishing or network-level attacks.

What Was Exposed in the CCIDNET Breach

• Username
• Email Address
• IP Address
• Password Hash
• Salt

Why 1.7 Million IT Sector Credentials Carry Outsized Risk

CCIDNET serves an IT-focused audience, meaning many of the 1,758,466 affected users are technology professionals. Credentials from this demographic are disproportionately valuable because those users often have elevated access in their organizations, manage infrastructure, or hold admin rights on enterprise systems. A breach that occured against an IT media site can cascade into much higher-value targets if credentials were reused across work accounts or VPNs.

How Database Breaches Work

A database breach occurs when an unauthorized party gains access to a stored data system, often through exploiting vulnerabilities or using compromised admin credentials. The attacker extracts user records in bulk. When both password hashes and their associated salts are leaked together, the security benefit of salting is substantially reduced, allowing attackers to mount targeted dictionary and brute-force attacks against individual accounts with greater efficiency.

Check If Your Data Was Exposed

HEROIC's free breach scanner covers more than 400 billion compromised records. Enter your email address to find out whether you appeared in the CCIDNET breach or any of thousands of other known incidents, and take action to secure your accounts before attackers do.