ICT in Education Toolkit

We've been tracking a worrying trend of older breaches resurfacing on Telegram channels, often targeting less technically sophisticated audiences who may not realize the data is years old. What caught our attention with this particular leak wasn't the size – just under 150,000 records – but the presence of plaintext passwords. In today's landscape of password spraying and credential stuffing attacks, even a small collection of exposed plaintext credentials from years ago can represent a significant risk for organizations and individuals who haven't updated their security practices. The lack of basic password hashing underscores a potentially systemic issue with the security practices of the affected organization.

ICT in Education Toolkit: A Case Study in Legacy Security Risks

In late August 2018, the ICT in Education Toolkit suffered a breach exposing 148,398 user records. The breach was subsequently added to breach notification sites and circulated in security communities, but has recently resurfaced on Telegram channels, making it accessible to a wider, less informed audience. What made this breach particularly concerning was the fact that it included email addresses and plaintext passwords. The exposure of plaintext passwords, even from an older breach, significantly elevates the risk of credential reuse attacks.

The data was initially leaked on August 26, 2018. The discovery of plaintext passwords indicates a failure to implement basic security best practices, such as password hashing with salting, which have been standard for many years. This oversight suggests potentially wider security deficiencies in the organization's infrastructure at the time of the breach.

Key point: Total records exposed: 148,398

Key point: Types of data included: Email addresses, Plaintext passwords

Key point: Source structure: Database

Key point: Leak location(s): Telegram channels, Breach Forums

Key point: Date of first appearance: August 26, 2018

Older breaches like this one are often repackaged and recirculated on platforms like Telegram, targeting individuals unaware of the breach's age. This can lead to renewed phishing campaigns and credential stuffing attacks, as threat actors leverage the exposed data to target vulnerable accounts. The fact that this breach involved plaintext passwords makes it significantly more dangerous than breaches involving hashed passwords, even if those hashes are weak.

The incident highlights the ongoing risk posed by legacy security vulnerabilities and the importance of proactive monitoring for leaked credentials. It also underscores the need for organizations to implement robust password security measures, including hashing and salting, and to educate users about the risks of password reuse. As noted by HaveIBeenPwned, "Storing passwords in plaintext is one of the worst security blunders an organization can make."

Email · Address · Plaintext · Password