Interier Portal

We've been tracking the resurgence of older breach datasets being repackaged and traded on various forums, often targeting individuals who may have reused credentials across multiple platforms. What struck us wasn't the size of these leaks, but their longevity and continued relevance in credential stuffing attacks. Many of these breaches, initially reported years ago, are now being combined into massive "combolists" and sold to lower-tier threat actors, effectively democratizing access to compromised data. This Interier Portal breach is a prime example.

The Defunct Russian Platform's Lingering Legacy: 11k Emails and Passwords Exposed

In late July 2017, a breach of the now-defunct Russian platform Interier Portal surfaced, impacting 11,158 unique email addresses. While the initial reports focused on a larger number of records (around 38,000), our analysis reveals that a significant portion of these were duplicates or non-unique entries. The exposed data included both plaintext passwords and phpBB hashed passwords, a particularly concerning combination given the age of the vulnerability and the potential for rainbow table attacks to crack the weaker hashes.

The breach came to our attention through chatter on a prominent hacking forum where the dataset was being offered for sale as part of a larger combolist. The age of the breach initially made us question its relevance, but the presence of plaintext passwords alongside hashed credentials elevates the risk. It's also worth noting that phpBB, while not inherently insecure, has been a frequent target of attackers due to misconfigurations and outdated versions. A search on sites like Exploit-DB reveals numerous vulnerabilities associated with phpBB versions from that era.

This breach matters to enterprises because it highlights the enduring risk posed by older datasets. Even if organizations have addressed vulnerabilities exploited years ago, the compromised credentials can still be used in credential stuffing attacks against current systems. The availability of plaintext passwords further exacerbates the risk, as these credentials can be directly reused on other platforms.

Breach Stats

Key point: Total records exposed: 11,158 (unique email addresses)

Key point: Types of data included: Email Address, Plaintext Password, Password Hash (phpBB)

Key point: Sensitive content types: Credentials

Key point: Source structure: Likely a database dump, repackaged into a combolist

Key point: Leak location(s): Prominent hacking forum (specific URL unavailable)

Key point: Date of first appearance: July 29, 2017

External Context & Supporting Evidence

While the Interier Portal breach itself didn't garner widespread media attention, the broader phenomenon of combolists being traded on forums has been reported by security researchers. For example, BleepingComputer has covered similar incidents involving the sale of massive credential dumps containing data from numerous sources. These reports emphasize the importance of monitoring for compromised credentials and implementing robust password policies.

Furthermore, the use of phpBB hashing algorithms is a known weakness. Security blogs and forums often discuss the vulnerabilities associated with older phpBB installations and the relative ease of cracking phpBB-hashed passwords using readily available tools. This underscores the need for organizations to regularly update their systems and migrate to stronger hashing algorithms.

Email · Address · Plaintext · Password · Hash