Cyberbody

We've been tracking the resurgence of older breach datasets in combolists traded on Telegram and dark web forums. What really struck us wasn't the age of this particular dataset, but its persistent utility to attackers targeting Russian-speaking users. The Cyberbody breach, initially reported in August 2018, continues to surface in collections used for credential stuffing and account takeover attempts. This highlights the long tail of risk associated with even seemingly dated breaches, especially when targeting specific demographics.

The Russian E-commerce Breach Still in Circulation

The Cyberbody breach involved a Russian e-commerce platform and exposed approximately 53,369 unique email addresses and password hashes. The breach was initially reported in August 2018 after the data was posted on a popular hacking forum. While the number of records is relatively small compared to more recent mega-breaches, the data's continued presence in combolists suggests ongoing value to threat actors, particularly those targeting users within the Russian Federation.

The fact that this breach involved phpBB hashed passwords is also significant. While hashing is a basic security measure, older hashing algorithms are more susceptible to cracking, especially if users employed weak or commonly used passwords. This increases the likelihood of successful credential reuse attacks.

This matters to enterprises now because it underscores the importance of proactive password monitoring and the need to identify compromised credentials associated with employee accounts, even if the breach is several years old. Attackers often leverage older breaches to gain initial access to corporate networks or cloud services.

Key point: Total records exposed: 53,369

Key point: Types of data included: Email addresses, password hashes (phpBB)

Key point: Sensitive content types: Potentially PII if linked to other databases.

Key point: Source structure: Likely a database dump (exact format not specified in original reports)

Key point: Leak location(s): Hacking forums, combolists on Telegram and dark web marketplaces

Key point: Date of first appearance: August 2018

While direct reporting on the Cyberbody breach is limited, its appearance in combolists aligns with broader trends. Security researchers have documented the widespread availability of breached credentials on Telegram channels and dark web forums. These combolists are often compiled from multiple sources and used in automated attacks against various online services. The persistence of this data, even after several years, demonstrates the enduring value of breached credentials to attackers.

Email · Address · Password · Hash