Gambolao

We've been tracking an uptick in breaches impacting smaller, regional online platforms, often overlooked in the shadow of larger enterprise compromises. What really struck us about this particular incident was the age of the data coupled with its reappearance in a combinated list. This suggests that even seemingly outdated breaches can resurface to pose a renewed threat, particularly when credentials are reused across multiple services. The fact that this data is now circulating in combolists significantly increases the risk of credential stuffing attacks against other platforms.

Gambolao's 2018 Breach Resurfaces: 12K Sports Betting Accounts Exposed

In July 2018, Gambolao, a Brazilian sports betting platform, experienced a data breach that compromised 12,385 user records. The breach, which involved a database or combolist exposure, recently resurfaced on a popular hacking forum, bringing renewed attention to the incident and its potential impact. The exposed data includes email addresses and password hashes, which, while encrypted, are vulnerable to cracking using modern techniques.

The initial breach occurred on July 9, 2018, and was later indexed by breach aggregation sites. What caught our attention was the re-emergence of this data in a combinated list circulating on a hacking forum this month. This suggests the data is actively being used in credential stuffing attacks. The risk to enterprises lies in the potential for employees or customers to have reused their Gambolao credentials on other, more critical platforms. Even though the breach is several years old, the continued circulation of the data amplifies the risk.

This incident underscores a broader trend: the long tail of data breaches. Even breaches that occurred years ago can continue to pose a threat as compromised credentials are used in automated attacks against a variety of online services. The automation of attacks, coupled with the increasing availability of breached data, makes even relatively small breaches a significant risk.

Key point: Total records exposed: 12,385

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: User credentials

Key point: Source structure: Database, Combolist

Key point: Leak location(s): Popular hacking forum

Key point: Date leaked: 09-Jul-2018

While specific details about the forum where the data resurfaced are not included here for security reasons, such forums often serve as marketplaces for compromised data, where threat actors buy and sell credentials for various purposes, including account takeover and fraud. The re-emergence of the Gambolao data highlights the importance of proactive monitoring for leaked credentials and the implementation of robust password policies across all online platforms. This also reinforces the need for users to employ unique, strong passwords for each online service they use, mitigating the risk of credential reuse attacks.

Email · Address · Password · Hash