IceNEO

We're seeing a concerning rise in breaches impacting smaller, regional e-commerce platforms, often with outdated security practices. Our team flagged this 2018 breach of IceNEO, a now-defunct Polish e-commerce platform, during a sweep of older forum dumps. What really struck us wasn't the number of records, but the age of the breach combined with the continued relevance of exposed credentials in credential stuffing attacks. The fact that these credentials, though old, are still circulating and potentially being reused highlights the long tail of risk associated with even seemingly minor breaches.

IceNEO Breach: 33k Accounts Exposed in Old E-Commerce Leak

In August 2018, IceNEO, a Polish e-commerce platform that is now defunct, experienced a data breach that compromised approximately 33,000 user records. This breach recently resurfaced on a popular hacking forum, bringing it back into the spotlight. The breach initially caught our attention due to the presence of both email addresses and password hashes (MD5 and PHPass), a combination that remains potent for credential stuffing attacks even several years later. This matters to enterprises now because it exemplifies how older breaches targeting smaller organizations can still contribute to broader threat landscapes, particularly in the realm of account takeover.

Key point: Total records exposed: 33,296

Key point: Types of data included: Email Addresses, Password Hashes

Key point: Sensitive content types: Credentials

Key point: Source structure: Likely a database dump, though specifics are unavailable.

Key point: Leak location(s): A popular hacking forum.

Key point: Date of first appearance: August 26, 2018

While specific details about the forum where the data was shared are unavailable, similar breaches from that era often appeared on sites like RaidForums (now defunct) and other dark web communities. The use of MD5 and PHPass for password hashing, while common in 2018, are now considered weak algorithms, meaning that many of these passwords could be cracked with readily available tools. This underscores the importance of proactive password resets and monitoring for exposed credentials, even from older breaches.

Email · Address · Password · Hash