InterNext SERVER

We're constantly monitoring underground sources for older breaches that resurface and pose a risk to modern password habits. This InterNext SERVER breach, dating back to August 2018, initially seemed like a minor historical incident. However, what caught our attention was the presence of plaintext passwords. While smaller in scale compared to recent mega-breaches, the cleartext storage makes it particularly relevant today, as these passwords may have been reused across other, more critical services. The fact that the service was a server rental provider also raises concerns about potential access to sensitive data stored on those servers at the time of the breach.

InterNext SERVER Leak: 6.2k Accounts Exposed with Plaintext Passwords

In August 2018, a database belonging to InterNext SERVER, a Japanese server rental service, was leaked on underground forums. The breach affected 6,249 users and contained highly sensitive information: email addresses and, critically, plaintext passwords. This meant passwords were not hashed or encrypted, leaving them exposed in their original form.

The breach initially surfaced on smaller underground forums frequented by credential stuffing enthusiasts. While not widely publicized at the time, the data has been circulating quietly, likely fueling password reuse attacks for years. We noticed a spike in mentions of the "internext" domain in recent weeks across several combolist marketplaces, suggesting a renewed interest in this older data.

The significance for enterprises lies in the high probability of password reuse. Employees or former employees who used InterNext SERVER may have used the same credentials for corporate accounts or other sensitive services. This exposes organizations to credential stuffing attacks, where attackers use leaked credentials to gain unauthorized access to systems and data. The age of the breach doesn’t diminish the risk; in fact, it may increase it, as users are less likely to remember and change passwords used long ago.

Key point: Total records exposed: 6,249

Key point: Types of data included: Email addresses, Plaintext passwords

Key point: Source structure: Database

Key point: Leak location(s): Underground forums, Combolist marketplaces

Key point: Date of first appearance: August 26, 2018

The dangers of plaintext password storage are well-documented. Security researcher Troy Hunt has repeatedly emphasized the importance of proper hashing and salting techniques to protect user credentials. Resources like OWASP (Open Web Application Security Project) provide guidelines for secure password storage to mitigate the risks associated with breaches like this one.

Email · Address · Plaintext · Password