We've observed a consistent trend of older breaches resurfacing in credential stuffing attacks and being traded on various forums. What caught our attention wasn't necessarily the size of this particular breach, but the fact that it involved plaintext passwords from a relatively obscure platform. The data had been circulating quietly, but we noticed an uptick in mentions related to "legacy" credential lists, prompting a closer look. The fact that this breach is now being actively leveraged again, years after the initial incident, underscores the persistent risk associated with poor password security practices.
The Comeon-Book breach, originally occurring in July 2017, exposed 42,249 unique email addresses and, critically, plaintext passwords. The breach involved a Thai-based fan fiction publishing platform and community. The data has been observed being traded on various platforms in recent weeks, included in "legacy" combolists targeting older accounts that may have reused credentials. The discovery highlights the enduring risk of breaches where passwords were not properly hashed and salted.
The breach initially came to light in July 2017 and was added to the HIBP database shortly after. It has resurfaced recently due to its inclusion in combolists targeting older, less secure accounts. The simplicity of the passwords stored, coupled with their age, makes them valuable for attackers attempting to compromise accounts on other platforms through credential stuffing attacks. This is particularly relevant as users often reuse passwords across multiple services.
The re-emergence of this breach is a stark reminder of the long-term implications of poor security practices. Even breaches from years ago can pose a significant risk if the exposed data includes easily compromised credentials. It is especially concerning that plaintext passwords were stored, indicating a severe lack of security awareness at the time of the breach. This reinforces the importance of regularly monitoring for exposed credentials and encouraging users to update their passwords, especially on older accounts.
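As an added example (not code from the original post or from the platform involved), the controls the text says were missing: random-salted PBKDF2 hashing with constant-time verification instead of plaintext storage, plus a k-anonymity prefix lookup modelled on the Pwned Passwords range format (5-character SHA-1 prefix sent, suffixes matched locally) to flag reused leaked passwords at sign-up or login. The leaked password list and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed stand-in for a leaked plaintext password list; no real breach data.
SAMPLE_LEAKED_PASSWORDS = ["123456", "password", "qwerty", "comeon2017"]

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Store a random-salted PBKDF2-HMAC-SHA256 digest, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Self-describing record so the parameters can be rotated later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)

def build_range_index(leaked_passwords):
    """Index SHA-1 digests by 5-hex-char prefix, as a range lookup service does."""
    index = defaultdict(list)
    for pw in leaked_passwords:
        sha1 = hashlib.sha1(pw.encode()).hexdigest().upper()
        index[sha1[:5]].append(sha1[5:])  # only suffixes are stored per prefix
    return index

def is_known_leaked(password: str, index) -> bool:
    """Only the 5-char prefix would leave the client; the suffix match is local."""
    sha1 = hashlib.sha1(password.encode()).hexdigest().upper()
    return sha1[5:] in index.get(sha1[:5], [])

if __name__ == "__main__":
    idx = build_range_index(SAMPLE_LEAKED_PASSWORDS)
    for candidate in ["password", "a long unique passphrase 7#k"]:
        print(candidate, "-> leaked" if is_known_leaked(candidate, idx) else "-> ok")
    record = hash_password("a long unique passphrase 7#k")
    print(record)
    print(verify_password("a long unique passphrase 7#k", record))
```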
Key point: Total records exposed: 42,249
Key point: Types of data included: Email Address, Plaintext Password
Key point: Leak location(s): Combolists, Breach Forums
Key point: Date leaked: 23-Jul-2017
Troy Hunt added the Comeon-Book breach to HaveIBeenPwned (HIBP) shortly after it occurred in 2017, allowing individuals to check if their email address was part of the exposed data. Security researcher "Pluto" noted on X (formerly Twitter) in 2017 that the breach involved plaintext passwords, calling it "a terrible practice".