elance.com

We're seeing a resurgence of older breaches surfacing in aggregated credential stuffing lists, likely due to the increasing ease of combining and processing historical data dumps. What caught our attention with the Elance breach wasn't the size – at 838,821 exposed accounts, it's relatively small compared to modern mega-breaches. Instead, it was the age of the data and the fact that it's still being actively traded and used in credential stuffing attacks targeting freelance platforms. The continued viability of such old data underscores the long tail of risk associated with legacy accounts and password reuse.

The Elance Breach: A Legacy of Exposed Credentials

The Elance breach, dating back to January 1, 2009, exposed a significant trove of user data from the then-popular staffing platform. The breach was initially reported to impact 1.3 million accounts, though our analysis of available dumps suggests a slightly lower figure of 838,821 unique records. The data surfaced publicly approximately eight years later, becoming a staple in various breach aggregation databases and dark web marketplaces.

The exposed data includes usernames, email addresses, phone numbers, first names, last names, business names, cities, states, zip codes, and SHA1 hashes of passwords. While SHA1 is considered a weak hashing algorithm by today's standards, the age of the breach means many users may not have updated their passwords on other platforms since the incident, making these credentials valuable for attackers attempting to gain unauthorized access to other services.

This breach matters to enterprises now because it highlights the persistent risk of credential reuse and the long lifespan of stolen data. Even breaches from over a decade ago can still be leveraged in modern attacks, especially against platforms where users may have used similar credentials. The automation of credential stuffing attacks, coupled with the ready availability of historical data dumps, makes this a continuing threat.

Key point: Total records exposed: 838,821

Key point: Types of data included: Email Address, Username, Phone Number, First Name, Last Name, Password Hash

Key point: Sensitive content types: PII

Key point: Source structure: Database

Key point: Leak location(s): Various breach aggregation sites, dark web marketplaces

Key point: Breach date: January 1, 2009

Key point: Breach type: Database

External Context & Supporting Evidence

While initial reporting on the Elance breach was limited at the time, its later appearance in large-scale breach compilations has been noted across security communities. Discussions on forums like Breach Forums and various Telegram channels frequently reference Elance data in the context of credential stuffing lists. Security researchers have also incorporated Elance data into password cracking efforts, highlighting the potential for recovering plaintext passwords from the SHA1 hashes.

The persistence of this data underscores the importance of proactive password management and account monitoring. Enterprises should be aware that credentials exposed in older breaches like Elance can still pose a risk to their systems and users.

Email · Address · Username · Phone · Number · First · Name · Last · Password · Hash