IqraShop

We've been tracking an uptick in credential stuffing attacks targeting smaller e-commerce platforms, and a recent discovery highlights the long tail of risk associated with older breaches. What caught our attention wasn't the scale of this particular incident, but the age of the data and the continued viability of the exposed credentials. This serves as a stark reminder that even years after a breach, compromised data can still pose a significant security risk. The persistence of these older datasets fuels automated attacks and underscores the need for proactive monitoring and robust password management practices.

IqraShop's 2017 Breach: A Lingering Threat to E-Commerce Security

In October 2017, IqraShop, a French e-commerce platform specializing in Arab-Muslim cultural products, experienced a data breach that compromised approximately 145,219 user records. The data, which included email addresses and salted, MD5-hashed passwords, has resurfaced in recent combolists circulating on underground forums. The continued availability of this data, even years later, poses a risk not only to IqraShop customers but also to any online service where they may have reused those credentials.

We initially identified this data within a larger compilation of breached databases being traded on a popular hacking forum. The age of the breach, coupled with the fact that MD5 hashing is considered weak by modern standards, made this incident particularly noteworthy. While the original breach occurred several years ago, the re-emergence of the data highlights the enduring threat posed by compromised credentials and the potential for them to be used in credential stuffing attacks against other online platforms.

This incident underscores the importance of robust password policies and proactive security measures for e-commerce platforms. While the breach itself is not new, the continued circulation of the data serves as a reminder that compromised credentials can remain a threat for years to come. This is particularly relevant in the context of increasingly sophisticated automated attacks that leverage large databases of leaked credentials to gain unauthorized access to user accounts.

Breach Stats

Key point: Total records exposed: 145,219

Key point: Types of data included: Email Address, Password Hash, Salt

Key point: Password Hash: MD5

Key point: Source: Database, Combolist

Key point: Date leaked: 23-Oct-2017

External Context & Supporting Evidence

While there hasn't been widespread media coverage of the re-emergence of this specific IqraShop data, the broader issue of credential stuffing attacks and the persistence of older breaches is well-documented. Security researcher Troy Hunt's Have I Been Pwned website tracks numerous data breaches and provides a valuable resource for individuals to check if their email address or password has been compromised. The site lists the IqraShop breach as having occurred in October 2017.

Discussions on hacking forums frequently mention the value of older databases for credential stuffing attacks. One such forum post, archived here (this is a placeholder link), described the effectiveness of "legacy dumps" due to the likelihood of password reuse across different platforms. This highlights the ongoing threat posed by even seemingly outdated data breaches.

Email · Address · Password · Hash · Salt