EasyLove

Our threat intelligence platform flagged an unusual surge in credential stuffing attempts targeting a subset of our user base, prompting an immediate deep dive. We noticed a distinct pattern of compromised credentials originating from a single, older source. What struck us as particularly concerning was the inclusion of plaintext passwords alongside hashed ones, a practice that significantly lowers the bar for attackers to gain unauthorized access to other services.

The breach, originating from the now-defunct Czech dating platform EasyLove, occurred on August 26, 2018, and exposed approximately 11,230 unique records. The compromised data set includes email addresses and, critically, both plaintext passwords and password hashes (specifically phpBB format). This dual exposure of password formats is a significant risk, as plaintext passwords can be used directly, while the phpBB hashes, while not ideal, are often susceptible to brute-force attacks or pre-computed rainbow table lookups, especially if weak password policies were in place on the compromised EasyLove site. The data subsequently surfaced on a well-known hacking forum, indicating its availability to a broad spectrum of malicious actors.

While direct news coverage of this specific EasyLove breach is limited, the incident aligns with a broader trend observed in 2018 and continuing today: the repurposing of data from older, less secure platforms for credential stuffing attacks. Research from organizations like Troy Hunt's "Have I Been Pwned?" consistently demonstrates the longevity and impact of such breaches, with compromised credentials from defunct sites frequently reappearing in new attack vectors. The presence of plaintext passwords in this leak is a stark reminder of the importance of implementing robust password policies and encouraging multi-factor authentication across all platforms.

The recent uptick in login failures across our infrastructure prompted an investigation into potential external data exposures. We observed a correlation between these failures and a specific set of email addresses that had recently appeared in a newly indexed data dump. What stood out was the sheer volume of associated credentials, many of which were not only hashed but also presented in a format that suggests a relatively straightforward cracking process.

This incident involves a data leak from the defunct dating platform, EasyLove, dating back to August 26, 2018. The breach compromised 11,230 records, primarily consisting of email addresses and associated credentials. A significant portion of these credentials were found in plaintext, while others were protected by phpBB password hashes. The exposure of plaintext passwords is a direct pathway for attackers to compromise user accounts, and the phpBB hashes, while offering a layer of protection, are known to be vulnerable to offline cracking techniques, especially when paired with common password patterns. The data was disseminated on a prominent hacking forum, increasing its accessibility to threat actors.

While this specific breach may not have garnered widespread media attention, it represents a classic example of a "database dump" that has been weaponized as a "combolist." Such lists are a staple in automated attack campaigns. OSINT investigations into similar breaches from the same era reveal a consistent pattern of data aggregation from various online services, often with lax security, to fuel these credential stuffing operations. The continued availability of such data underscores the persistent threat posed by historical data exposures.

Our security monitoring systems detected a cluster of anomalous login attempts originating from a known malicious IP range, which led us to investigate a potential data leak. We noticed that the compromised credentials associated with these attempts were predominantly linked to a single, older online service. What was particularly alarming was the simultaneous presence of both readily usable plaintext passwords and hashes that, while not ideal, are known to be susceptible to rapid decryption given sufficient computational resources.

The breach in question stems from the now-defunct EasyLove dating platform, with the data leak occurring on August 26, 2018. Approximately 11,230 records were exposed, containing email addresses and either plaintext passwords or phpBB-formatted password hashes. The dual nature of the credential exposure is a critical vulnerability; plaintext passwords offer immediate access, while the phpBB hashes, a legacy hashing algorithm, can be cracked with relative ease using modern techniques, especially if the original passwords were weak. This compromised dataset was subsequently shared on a prominent hacking forum, making it readily available to a wide array of cybercriminals.

While specific news reports on the EasyLove breach are scarce, this incident is emblematic of the persistent threat posed by data aggregators and credential dumps. The practice of collecting and distributing compromised credentials from older, often forgotten platforms remains a primary vector for account compromise. Security research consistently highlights the long tail of data breaches, where information leaked years ago continues to be exploited. The inclusion of plaintext passwords in this leak is a particularly egregious oversight that significantly amplifies the risk to affected individuals and any services where they may have reused those credentials.