Comprog

We've been tracking a resurgence in older database breaches appearing in combolist attacks, often targeting users who may have reused credentials across multiple platforms. What really struck us about the Comprog breach, initially reported in June 2017, wasn't the volume of records, but the fact that it contained plaintext passwords. This immediately elevates the risk, as these credentials can be readily used in credential stuffing attacks against other services. The fact that the platform catered to programmers also raises concerns, as compromised accounts could potentially be used to access or modify code repositories.

Comprog's 2017 Leak: A Reminder of Persistent Credential Risks

The Comprog breach, impacting approximately 62,992 users, involved the exposure of email addresses and, critically, plaintext passwords. This means the passwords were not hashed or encrypted, making them immediately usable by attackers. The breach surfaced in June 2017, impacting a Russian educational platform for programmers. The re-emergence of this data now, years later, underscores the long tail of risk associated with legacy breaches and the continued value of old credentials in automated attacks.

The plaintext nature of the passwords is the most concerning aspect of this breach. While many breaches involve hashed passwords (which require cracking efforts), plaintext passwords can be immediately used to compromise user accounts across various platforms. This breach matters to enterprises now because the exposed credentials could be used to target employees who may have reused the same passwords for corporate accounts. This highlights the urgent need for password hygiene and monitoring for compromised credentials.

Key point: Total records exposed: 62,992

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Likely a database dump, given the nature of the data.

Key point: Leak location(s): Commonly found within combolists used in credential stuffing attacks across various platforms.

Key point: Date of first appearance: June 8, 2017

While specific forum posts discussing the initial leak are difficult to verify without precise URLs from that period, data breaches of this type are regularly aggregated into combolists and sold or traded on various dark web forums and Telegram channels dedicated to credential stuffing. Security researchers have repeatedly warned about the dangers of plaintext password storage. For example, Troy Hunt's Have I Been Pwned service has documented numerous breaches involving plaintext passwords, highlighting the persistent risk. The re-emergence of these older breaches underscores the importance of continuous monitoring and proactive password resets for users potentially affected by past compromises.

Email · Address · Plaintext · Password