DNDPanel

We've observed a consistent pattern of smaller, targeted breaches surfacing on hacking forums, often involving platforms with limited security maturity. What really struck us about the DNDPanel breach wasn't the volume of records, but the inclusion of plaintext passwords. This immediately elevates the risk profile, as password reuse becomes a significant concern. The data had been circulating quietly since April 2023, but its recent discovery on a more accessible forum suggests a potential uptick in exploitation.

DNDPanel's Plaintext Passwords Now Fueling Credential Stuffing

The DNDPanel breach, impacting 497 unique email addresses, highlights the persistent danger of storing passwords in plaintext. Discovered on a popular hacking forum, this breach exposes not only email addresses, usernames, and phone numbers, but also the most damaging element: plaintext passwords. This combination provides attackers with immediate access to compromised accounts and significantly increases the likelihood of successful credential stuffing attacks across other platforms.

The breach came to light when our team identified a post on a well-known hacking forum referencing a database dump from DNDPanel. The post, dated shortly after the initial breach in April 2023, contained a sample of the exposed data, confirming the presence of plaintext passwords. The simplicity of the attack surface – a database with inadequately protected credentials – is alarming, especially given the potential impact on users who may have reused those passwords across multiple services.

This breach matters to enterprises because it underscores the ongoing risk posed by weak password security practices, even within smaller platforms. Compromised credentials from a seemingly insignificant service can be leveraged to gain access to more critical systems. The inclusion of phone numbers also opens the door to potential phishing and social engineering attacks targeting individuals associated with the exposed accounts. The automation of attacks continues to evolve, meaning that breaches like this can be easily weaponized and used to target organizations.

Key point: Total records exposed: ~11,000

Key point: Total unique email addresses: 497

Key point: Types of data included: Email Address, Phone Number, Plaintext Password, Username

Key point: Sensitive content types: PII

Key point: Source structure: Database dump

Key point: Leak location: Popular hacking forum

Key point: Date of first appearance: April 2023

External Context & Supporting Evidence

While DNDPanel hasn't garnered widespread media attention, the incident aligns with a broader trend of smaller platforms becoming targets for credential harvesting. Security researchers have repeatedly warned against the dangers of plaintext password storage. Many older breaches involving plaintext passwords continue to be exploited today. The presence of phone numbers also increases the likelihood of follow-on phishing campaigns and SIM swapping attacks, as highlighted in numerous reports by security firms and law enforcement agencies.

Email · Address · Phone · Number · Plaintext · Password · Username