We've been tracking an uptick in smaller, older breaches resurfacing on various hacking forums, often targeting niche websites or services. What really struck us with this particular incident wasn't the volume of records, but the presence of plaintext passwords and the nature of the affected site – a religious book distributor. The combination suggests a lack of security awareness that could make other affiliated organizations vulnerable. The fact that it was shared on a prominent hacking forum only increases the likelihood of it being used in credential stuffing attacks.
A data breach impacting Fundamental Baptist Books, an e-commerce platform based in the United States, initially occurred in August 2018. The breach, affecting approximately 6,593 accounts, recently resurfaced on a well-known hacking forum, bringing renewed attention to the compromised data. This re-emergence elevates the risk of credential stuffing attacks and highlights the long tail of data breaches. What made this breach particularly concerning was the inclusion of both plaintext passwords and MD5 hashed passwords, some with salts. The presence of plaintext passwords indicates a severe lapse in security practices at the time of the breach.
The breach caught our attention due to the combination of the sensitive nature of religious organizations and the poor security practices demonstrated by the presence of plaintext passwords. While the number of records is relatively small compared to mega-breaches, the potential impact on individuals and affiliated organizations remains significant. This incident serves as a stark reminder that even smaller organizations are attractive targets for attackers, and that legacy breaches can continue to pose a threat for years to come. It underscores the importance of proactive security measures and continuous monitoring for exposed credentials. The breach aligns with a broader trend of older breaches being repurposed in combolists and credential stuffing attacks.
* **Total records exposed:** 6,593
* **Types of data included:** Email addresses, plaintext passwords, MD5 hashed passwords (some with salts)
* **Sensitive content types:** Potentially names and addresses linked to book purchases
* **Source structure:** Unknown, likely a database export
* **Leak location(s):** Prominent hacking forum (specific URL unavailable due to forum policies)
* **Date of first appearance:** August 2018
While there's no readily available news coverage of the initial 2018 breach, the re-emergence of the data on hacking forums is significant. Such forums often serve as marketplaces for stolen credentials, where they are traded and used in various malicious activities, including credential stuffing attacks. The risk is amplified when the breached data contains plaintext passwords, as it eliminates the need for attackers to crack password hashes. The re-emergence of this breach is consistent with the broader phenomenon of "combolists" circulating on the dark web and used in automated attacks.
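For operators holding a similar mix of plaintext, MD5 and salted-MD5 credentials, one remediation is to re-hash each account with a memory-hard KDF at its next successful login. The Python below is an added example, not code from the affected site; the record schema, the salt-prepended MD5 layout, the scrypt parameters and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def scrypt_hex(password: str, salt: bytes) -> str:
    # Memory-hard KDF from the standard library; parameters are illustrative.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32).hex()

def legacy_digest(record: dict, password: str) -> str:
    """Recompute the stored value for a candidate password under the record's scheme."""
    scheme = record["scheme"]
    if scheme == "plaintext":
        return password
    if scheme == "md5":
        return hashlib.md5(password.encode()).hexdigest()
    if scheme == "md5_salted":
        # Assumption: the salt is prepended; the page does not give the layout.
        return hashlib.md5((record["salt"] + password).encode()).hexdigest()
    if scheme == "scrypt":
        return scrypt_hex(password, bytes.fromhex(record["salt"]))
    raise ValueError(f"unknown scheme: {scheme}")

def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; on success, replace any legacy storage with scrypt in place."""
    expected = record["value"].encode()
    candidate = legacy_digest(record, password).encode()
    if not hmac.compare_digest(candidate, expected):
        return False
    if record["scheme"] != "scrypt":
        salt = os.urandom(16)  # fresh per-user salt
        record.update(scheme="scrypt", salt=salt.hex(), value=scrypt_hex(password, salt))
    return True

# Constructed sample rows (hypothetical schema, not data from the breach).
USERS = {
    "a@example.com": {"scheme": "plaintext", "salt": "", "value": "Sunday-hymnal-7"},
    "b@example.com": {"scheme": "md5", "salt": "", "value": hashlib.md5(b"Sunday-hymnal-7").hexdigest()},
    "c@example.com": {"scheme": "md5_salted", "salt": "x9Q2", "value": hashlib.md5(b"x9Q2Sunday-hymnal-7").hexdigest()},
}

if __name__ == "__main__":
    for email, rec in USERS.items():
        ok = verify_and_upgrade(rec, "Sunday-hymnal-7")
        print(email, ok, rec["scheme"])
```

Accounts that never log in again stay in their legacy form, so a migration like this is normally paired with a forced password reset for dormant users and for any address that appears in the leaked set.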