La Costa

We've been tracking the resurgence of older breach datasets appearing in new combolists and credential stuffing attacks. What caught our attention with the La Costa breach wasn't its age (2018), but the presence of plaintext passwords and its relatively recent reappearance on a prominent hacking forum. The data, while not massive, represents a significant risk for password reuse across other platforms, a common tactic exploited by attackers targeting enterprise users. This highlights the long tail of risk associated with seemingly "old" breaches and the continued need for vigilance in monitoring credential exposure.

The Russian Travel Agency Breach: 18k Emails and Plaintext Passwords Resurface

In August 2018, La Costa, a Russian travel agency, experienced a data breach that exposed a significant amount of sensitive user information. The breach, which recently resurfaced on a popular hacking forum, included over 18,000 unique email addresses and, critically, plaintext passwords. The fact that passwords were stored without proper encryption or hashing represents a severe security lapse and dramatically increases the risk to affected users.

The breach was discovered on August 21, 2018, and the data was subsequently posted on a hacking forum. The reappearance of this data now, years later, suggests it's being actively used in credential stuffing attacks. What makes this particularly concerning is the likelihood of password reuse – users often employ the same password across multiple online accounts. This means that a single exposed password from La Costa could potentially compromise numerous other accounts, including those with enterprise access.

This breach matters to enterprises because it underscores the persistent threat of password reuse and the long-term impact of even older data breaches. Even if an organization believes its employees weren't directly affected by the La Costa breach, the possibility of password reuse originating from this source remains a tangible risk. It also serves as a stark reminder of the importance of proper password storage practices and the potential consequences of failing to implement adequate security measures.

Key point: Total records exposed: 18,120

Key point: Types of data included: Email Address, Plaintext Password

Key point: Sensitive content types: Credentials

Key point: Source structure: Not specified, but likely a database dump or export

Key point: Leak location(s): Popular hacking forum (specific URL unavailable)

Key point: Date of first appearance: August 21, 2018

External Context & Supporting Evidence

While specific mainstream media coverage of the original La Costa breach in 2018 is limited, the incident aligns with a broader pattern of data breaches affecting travel agencies and the subsequent exposure of sensitive user data. The re-emergence of the La Costa data on hacking forums is consistent with the ongoing trend of threat actors compiling and trading combolists for credential stuffing attacks. Security researchers have repeatedly highlighted the dangers of plaintext password storage, as evidenced by numerous reports and articles on data security best practices.

Email · Address · Plaintext · Password