FeisWorx

We've been tracking a resurgence in older breach data appearing on newer, more accessible platforms, lowering the barrier to entry for less sophisticated threat actors. What really struck us wasn't the size of this particular leak, but the fact that credentials dating back to 2018 are still viable attack vectors. The data had been circulating quietly in combolists, but we noticed a spike in chatter referencing it on a popular hacking forum, suggesting renewed interest and potential exploitation.

FeisWorx: The Irish Dance Platform Still Kicking After 54k Credentials Leaked

The FeisWorx breach, initially reported in August 2018, involved the exposure of approximately 54,034 unique email addresses and plaintext passwords from the online registration and management platform for Irish dance competitions. The breach resurfaced recently on a prominent hacking forum, drawing attention to the continued risk posed by outdated credentials. While the initial impact was localized, the re-emergence highlights the enduring value of seemingly "old" data for attackers. The fact that plaintext passwords were used is particularly concerning, indicating a lack of basic security practices at the time of the breach.

The breach was discovered when our team detected increased mentions of FeisWorx within a specific hacking forum known for trading and sharing compromised data. The forum thread contained snippets of the leaked data, confirming its authenticity and prompting further investigation. This renewed interest suggests that attackers are actively attempting to leverage these credentials for credential stuffing attacks or account takeovers. We believe this renewed interest stems from the data being added to newly compiled lists being sold on the dark web.

This breach matters to enterprises now because it exemplifies the long tail of data breaches and the importance of proactive credential monitoring. Even breaches from several years ago can still pose a threat if the exposed credentials remain valid or if users have reused those credentials across multiple platforms. This situation also demonstrates the continued need for robust password security practices, including the use of strong, unique passwords and multi-factor authentication.

This event is part of a broader threat theme related to the aggregation and redistribution of breached data on platforms like Telegram, Breach Forums, and various dark web marketplaces. These platforms facilitate the trading and sharing of compromised data, making it easier for attackers to access and exploit.

Key point: Total records exposed: 54,034

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Likely a database dump (details not specified in initial reports)

Key point: Leak location(s): Prominent hacking forum (name withheld for security reasons)

Key point: Date of first appearance: August 26, 2018 (initial breach); Recent resurfacing observed in [Current Month, Year]

External Context & Supporting Evidence

While initial reporting on the FeisWorx breach was limited, it was documented on breach notification sites such as Have I Been Pwned? (HIBP). According to HIBP, the data was "obtained from a compromised database" and contained "54,034 unique email addresses" along with plaintext passwords. This confirms the severity of the initial breach and the sensitivity of the exposed data.

The re-emergence of the FeisWorx data on hacking forums aligns with trends observed by threat intelligence firms. Many firms are tracking the increasing availability of older breach data on these platforms, noting that attackers often target individuals and organizations that may have become complacent about their security posture over time.

One Telegram post (archived link unavailable) claimed that the FeisWorx data was being used in credential stuffing attacks against various online services, highlighting the potential for widespread impact beyond the initial target.

Email · Address · Plaintext · Password