We're seeing a resurgence of older breaches surfacing in aggregated credential stuffing lists, likely due to the increasing ease of combining and processing historical data dumps. What caught our attention with the Elance breach wasn't the size – at 838,821 exposed accounts, it's relatively small compared to modern mega-breaches. Instead, it was the age of the data and the fact that it's still being actively traded and used in credential stuffing attacks targeting freelance platforms. The continued viability of such old data underscores the long tail of risk associated with legacy accounts and password reuse.
The Elance breach, dating back to January 1, 2009, exposed a significant trove of user data from the then-popular staffing platform. The breach was initially reported to impact 1.3 million accounts, though our analysis of available dumps suggests a slightly lower figure of 838,821 unique records. The data surfaced publicly approximately eight years later, becoming a staple in various breach aggregation databases and dark web marketplaces.
The exposed data includes usernames, email addresses, phone numbers, first names, last names, business names, cities, states, zip codes, and SHA1 hashes of passwords. SHA1 is considered a weak password-hashing algorithm by today's standards, and given the age of the breach, many users may not have updated their passwords on other platforms since the incident, which makes these credentials valuable to attackers attempting to gain unauthorized access to other services.
This breach matters to enterprises now because it highlights the persistent risk of credential reuse and the long lifespan of stolen data. Even breaches from over a decade ago can still be leveraged in modern attacks, especially against platforms where users may have used similar credentials. The automation of credential stuffing attacks, coupled with the ready availability of historical data dumps, makes this a continuing threat.
Key point: Total records exposed: 838,821
Key point: Types of data included: Email Address, Username, Phone Number, First Name, Last Name, Password Hash
Key point: Sensitive content types: PII
Key point: Source structure: Database
Key point: Leak location(s): Various breach aggregation sites, dark web marketplaces
Key point: Breach date: January 1, 2009
Key point: Breach type: Database
While initial reporting on the Elance breach was limited at the time, its later appearance in large-scale breach compilations has been noted across security communities. Discussions on forums like Breach Forums and various Telegram channels frequently reference Elance data in the context of credential stuffing lists. Security researchers have also incorporated Elance data into password cracking efforts, highlighting the potential for recovering plaintext passwords from the SHA1 hashes.
The persistence of this data underscores the importance of proactive password management and account monitoring. Enterprises should be aware that credentials exposed in older breaches like Elance can still pose a risk to their systems and users.
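One way an enterprise can act on this is to screen its own accounts against the email and SHA1 pairs such a dump contains. The sketch below is an added example, not HEROIC's code: the row format, the function names and the decision labels are assumptions, and it assumes plain unsalted SHA1 hex digests of UTF-8 passwords, which the page does not state.

```python
import hashlib
import string

HEX = set(string.hexdigits.lower())

def sha1_hex(text):
    # Assumption: digests in the dump are SHA1 over the UTF-8 password, unsalted.
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

# Constructed rows in (email, sha1_hex) form; not taken from any real dump.
CONSTRUCTED_ROWS = [
    ("Alice@Example.com ", sha1_hex("sunshine2009").upper()),
    ("bob@example.com", sha1_hex("freelance!")),
    ("bob@example.com", sha1_hex("b0b-old-pass")),
    ("broken@example.com", "not-a-digest"),
]

def build_index(rows):
    """Return (email -> set of digests, set of all digests), skipping malformed rows."""
    by_email, all_digests = {}, set()
    for email, digest in rows:
        digest = digest.strip().lower()
        if len(digest) != 40 or not set(digest) <= HEX:
            continue  # not a 40-character hex SHA1 digest
        by_email.setdefault(email.strip().lower(), set()).add(digest)
        all_digests.add(digest)
    return by_email, all_digests

def screen_login(by_email, email, password):
    """Run after a successful login, while the plaintext is still in memory."""
    known = by_email.get(email.strip().lower())
    if not known:
        return "ok"
    # The exact email and password pair is in the dump: the account can be
    # taken over by replaying the breached credentials, so force a reset.
    # Email present with a different password: notify the user and monitor.
    return "force_reset" if sha1_hex(password) in known else "notify"

def screen_new_password(all_digests, password):
    """Run at password set or change: refuse any password present in the corpus."""
    return "reject" if sha1_hex(password) in all_digests else "accept"
```

The check has to run at login or password change because that is the only moment the service holds the plaintext needed to compute the comparison digest.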