We've observed a concerning trend of older breaches resurfacing, often repackaged and redistributed across various dark web forums and Telegram channels. What really struck us about this particular incident wasn't the volume of records, but the continued use of plaintext passwords even in 2018. Our team initially flagged this breach while monitoring known data trading communities for compromised credentials relevant to our clients. The InsiderElite breach, while not new, serves as a stark reminder of the long tail of security negligence and the enduring risk posed by poorly secured legacy systems. The ease with which these old credentials can be leveraged in credential stuffing attacks remains a significant threat.
In August 2018, InsiderElite, a US-based financial investors website, suffered a significant data breach. The breach was discovered shortly after it occurred, with initial reports circulating on various hacking forums. What caught our attention was the storage of passwords in plaintext, an egregious security lapse even by 2018 standards. This significantly increases the risk of the exposed credentials being used for malicious purposes.
The breach matters to enterprises now because these older credentials can still be active on other platforms or reused by individuals across multiple accounts. Credential stuffing attacks, where attackers use lists of known username/password combinations to attempt to log into other services, are a persistent threat. The InsiderElite breach highlights the importance of proactive credential monitoring and employee education regarding password reuse.
Key point: Total records exposed: 235,824
Key point: Types of data included: Email Addresses, Plaintext Passwords
Key point: Sensitive content types: Financial investor data (potential)
Key point: Source structure: Likely a database dump or export.
Key point: Leak location(s): Initially various hacking forums, and subsequently Telegram channels and breach compilation sites.
While specific forum threads are difficult to trace back to their original appearance, the breach was widely discussed on sites like BreachForums and various Telegram channels dedicated to data leaks. Storing passwords with no hashing or encryption aligns with a period of widespread security apathy, but the breach's continued relevance underscores the need for constant vigilance.
Troy Hunt added the InsiderElite breach to Have I Been Pwned? on August 28, 2018, further validating the credibility and impact of the incident. This breach is also a good example of how older breaches can resurface and be used in credential stuffing attacks, a persistence highlighted in numerous reports by cybersecurity firms like Akamai and Cloudflare.
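The credential monitoring described above can be made concrete. The following is an added example, not code from the original post or from any vendor: it triages a plaintext email:password dump against an organization's own salted password hashes to find accounts where the leaked password is still in use. The dump lines, domain, accounts and PBKDF2 parameters are all constructed assumptions.

```python
import hashlib, hmac, os

MONITORED_DOMAINS = {"example.com"}   # assumption: domains we are responsible for
PBKDF2_ROUNDS = 100_000               # assumption: parameters of our own user store

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def parse_dump(lines):
    """Yield (email, password) from 'email:password' lines; skip malformed ones."""
    for line in lines:
        # Split on the first ':' only, so passwords containing ':' stay intact.
        email, sep, password = line.rstrip("\r\n").partition(":")
        email = email.strip().lower()
        if sep and "@" in email and password:
            yield email, password

def triage(dump_lines, user_store):
    """Return {email: 'reused' | 'exposed'} for known accounts on monitored domains.
    'reused'  = leaked password still matches our stored hash (force a reset)
    'exposed' = address appears in the dump but the password differs (notify)
    """
    findings = {}
    for email, leaked in parse_dump(dump_lines):
        if email.rsplit("@", 1)[1] not in MONITORED_DOMAINS:
            continue
        record = user_store.get(email)
        if record is None:
            continue
        salt, stored = record
        match = hmac.compare_digest(hash_password(leaked, salt), stored)
        # Never downgrade an account already marked 'reused' by an earlier line.
        if match or findings.get(email) != "reused":
            findings[email] = "reused" if match else "exposed"
    return findings

def build_demo_store():
    """Constructed user store: email -> (salt, PBKDF2 hash)."""
    store = {}
    for email, pw in [("alice@example.com", "Winter2018!"), ("bob@example.com", "x9$Lq:unique")]:
        salt = os.urandom(16)
        store[email] = (salt, hash_password(pw, salt))
    return store

# Constructed sample lines in the email:password layout typical of such dumps.
SAMPLE_DUMP = ["Alice@Example.com:Winter2018!", "bob@example.com:hunter2",
               "carol@other.test:letmein", "not-a-valid-line"]

if __name__ == "__main__":
    print(triage(SAMPLE_DUMP, build_demo_store()))
```

Because the leaked passwords are plaintext, the check never needs the organization's own plaintext: each leaked value is re-hashed with the account's salt and compared in constant time.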