Hanbit Media

We've been tracking a resurgence in older breach datasets appearing in new combolists, often targeting specific regions or industries. What really struck us about the recent appearance of the Hanbit Media breach wasn't the size, but the context. While relatively small at just under 23,000 records, it represents a potential blind spot: older breaches that, due to their age, may be overlooked in current threat models but whose credentials could still be valid. The data had been circulating quietly, but we noticed an uptick in chatter referencing it within Korean-language hacking forums, suggesting renewed interest in leveraging the exposed credentials.

Hanbit Media Breach: 22,975 Accounts Exposed

In February 2018, Hanbit Media, a South Korean publisher, suffered a data breach. The breach, which recently resurfaced in several prominent combolists and hacking forums, exposed 22,975 user records. The re-emergence of this older breach highlights the long tail of credential compromise and the potential for attackers to profit from aged data.

The Hanbit Media breach was originally reported in early 2018. While the exact method of compromise remains unclear, the exposed data suggests a direct database breach or SQL injection attack. The data recently caught our attention due to increased mentions on underground forums and its inclusion in several large combolists targeting Korean online services. This suggests an active effort to utilize the exposed credentials for credential stuffing attacks.

This breach matters to enterprises now because it underscores the enduring risk posed by older credentials. Even if users have changed their passwords since 2018, the leaked credentials could be used to access other accounts if users have reused passwords. Furthermore, the targeting of a South Korean publisher suggests a localized threat actor or campaign, which may be relevant to companies operating in that region.

Key point: Total records exposed: 22,975

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: None specified beyond credentials

Key point: Source structure: Unknown

Key point: Leak location(s): Combolists, Hacking Forums

Key point: Date leaked: 07-Feb-2018

South Korean media did not widely report on this breach at the time. However, it is listed on several breach notification sites and has appeared in past data dumps indexed by services like HaveIBeenPwned. This reinforces the idea that even smaller breaches can have a long-term impact and should be considered in risk assessments. The password hashes were stored in an unknown format.

Email · Address · Password · Hash