co188

We've been tracking a resurgence of older database breaches appearing on various forums and Telegram channels, often repackaged and sold as "new" leaks. What really struck us about the recent surfacing of the co188.com data wasn't the volume of records—nearly 7.7 million—but the age and the continued presence of unsalted MD5 hashes. This combination highlights a persistent risk: even old breaches can be leveraged for password cracking and credential stuffing attacks, especially when basic security practices were absent from the start. The data had been circulating quietly, but we noticed a spike in mentions on a couple of smaller breach forums, signaling renewed interest.

The co188.com Breach: A Legacy of Weak Security

The co188.com breach, a database leak from July 2011, has resurfaced, exposing nearly 7.7 million user records. The breach was discovered when a database dump appeared on several underground forums and Telegram channels known for trading breached data. What caught our attention was the presence of email addresses alongside MD5 hashed passwords and salts. The use of MD5, an outdated hashing algorithm, coupled with the age of the data, makes this breach particularly concerning. It matters to enterprises now because even if users have changed their passwords since 2011, the cracked passwords from this breach could be used in credential stuffing attacks against other services, especially if users have reused those older passwords.

Key point: Total records exposed: 7,699,299

Key point: Types of data included: Email addresses, MD5 hashed passwords, Salts

Key point: Sensitive content types: Potentially compromised credentials

Key point: Source structure: Database dump

Key point: Leak location(s): Telegram channels, Breach Forums

External Context & Supporting Evidence

While mainstream media hasn't picked up this specific reshare of the co188.com data, the broader trend of old breaches resurfacing is well-documented. Security researchers often highlight the dangers of password reuse and the longevity of leaked credentials. For example, Troy Hunt's Have I Been Pwned database contains numerous older breaches, demonstrating the long tail of risk associated with compromised data. The continued viability of MD5 cracking, even after all these years, is also a recurring theme in security discussions. Several online tools and services still offer MD5 cracking capabilities, making it relatively easy for attackers to obtain plaintext passwords from these older hashes.

Email · Hashpassword · Salt