We've been tracking a resurgence in older breach datasets appearing in combolist attacks, where attackers attempt to reuse credentials across multiple services. What really struck us about this particular instance wasn't the size of the leak, but the fact that it targeted a professional association. The data, which had been circulating quietly for some time, resurfaced on a popular hacking forum, prompting our deeper analysis. The nature of the organization and the plaintext storage of passwords raised immediate concerns about potential downstream impacts on its members.
In August 2018, the Editorial Freelancers Association (EFA), a US-based organization for freelance publishing professionals, suffered a breach that exposed 16,935 user records. The breach came to light when the dataset was posted on a well-known hacking forum, a common practice for threat actors looking to monetize or distribute compromised information. What caught our attention was the sensitivity of the target – a professional association whose members could be vulnerable to targeted phishing or follow-on attacks due to their professional roles. The exposed data included both email addresses and plaintext passwords.
The implications of storing passwords in plaintext are significant. An attacker gaining access to this data could trivially compromise user accounts without needing to crack password hashes. This increases the risk of account takeover, where attackers can use compromised accounts to send malicious emails, steal sensitive information, or impersonate legitimate users. The EFA breach is a stark reminder of the importance of basic security practices, such as password hashing, even for smaller organizations. Such practices are often overlooked, leading to easily exploitable vulnerabilities.
The breach matters to enterprises now because it highlights the continued risk posed by older, unaddressed security incidents. Even years after a breach occurs, exposed credentials can still be used in credential stuffing attacks or targeted phishing campaigns. Enterprises should be aware that their employees or contractors may be members of organizations like the EFA, and that their credentials may have been compromised in past breaches. This reinforces the need for proactive monitoring of exposed credentials and implementation of multi-factor authentication to mitigate the risk of account takeover.
Key point: Total records exposed: 16,935
Key point: Types of data included: Email Addresses, Plaintext Passwords
Key point: Source structure: Likely a database dump (exact format unknown)
Key point: Leak location(s): Prominent hacking forum
Key point: Date of first appearance: 26-Aug-2018 (date dataset posted on forum)
While specific news coverage of the EFA breach is limited, the incident aligns with a broader trend of credential leaks and their subsequent use in attacks. Combolists containing email and password pairs are frequently traded on underground forums and used in automated attacks against various online services. Security researchers often monitor these forums to identify and analyze leaked data, providing valuable insights into the threat landscape.
The appearance of the EFA data on a hacking forum suggests that it may have been used in credential stuffing attacks targeting other platforms. Threat actors often target professional associations and organizations because their members may have access to valuable resources or sensitive information. The plaintext storage of passwords in this case made the breach particularly damaging, as it allowed attackers to easily compromise user accounts without needing to crack password hashes. This incident underscores the importance of basic security practices, such as password hashing, even for smaller organizations.
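As an added example (not code from the original write-up), the following Python puts the two controls discussed above side by side: the account store keeps salted scrypt digests instead of plaintext, and a constructed combolist in email:password form is screened against it so that matching accounts can be force-reset. All addresses, passwords and leaked lines are invented sample data.

```python
import hashlib
import hmac
import os

# scrypt cost parameters for the demo; production deployments should use stronger settings.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Return (salt, digest) from a salted, memory-hard KDF, the control the EFA store lacked."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt, digest

def build_store(accounts: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Hypothetical account database: email -> (salt, scrypt digest); never the password itself."""
    return {email.lower(): hash_password(pw) for email, pw in accounts.items()}

def parse_combolist(text: str) -> list[tuple[str, str]]:
    """Parse 'email:password' lines, skipping blank or malformed ones."""
    pairs = []
    for line in text.splitlines():
        email, sep, password = line.strip().partition(":")
        if not sep or "@" not in email or not password:
            continue
        pairs.append((email.strip().lower(), password))
    return pairs

def screen_exposed_credentials(store: dict[str, tuple[bytes, bytes]], combolist_text: str) -> list[str]:
    """Return our accounts whose current password equals a leaked pair, so they can be force-reset.

    With a plaintext store (as in the EFA breach) this would be a string compare and the leaked
    file is directly usable for login; with a KDF the candidate must be re-derived per account.
    """
    hits = set()
    for email, leaked_pw in parse_combolist(combolist_text):
        entry = store.get(email)
        if entry is None:
            continue  # leaked address is not one of our users
        salt, stored = entry
        _, candidate = hash_password(leaked_pw, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            hits.add(email)
    return sorted(hits)

# Constructed sample data (not real EFA records).
SAMPLE_ACCOUNTS = {"alice@example.com": "Summer2018!", "bob@example.com": "correct-horse-battery"}
SAMPLE_COMBOLIST = "\n".join(["alice@example.com:Summer2018!", "bob@example.com:wrongpass",
                              "this line is malformed", "carol@example.com:notOurUser", ""])
```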