Magic and Arts

We've been tracking a resurgence in older database breaches surfacing on underground forums, often repackaged and sold as "new" combolists. What really struck us wasn't the volume of these dumps, but the fact that they often contain credentials that *still* work, highlighting the long tail of password reuse and the slow adoption of modern hashing algorithms. This particular breach, from the German e-commerce site Magic and Arts, caught our eye because of the age of the data and the continued viability of MD5 hashes in certain cracking scenarios. The data had been circulating quietly, but we noticed a spike in mentions across several Russian-language forums known for credential stuffing activity.

The Jewelry Supply Site That Spilled 24k Credentials… Years Later

In January 2018, Magic and Arts, a German e-commerce site specializing in jewelry components and crafting materials, experienced a data breach. The incident, which went largely unnoticed at the time, exposed the credentials of 24,993 users. We discovered this breach being actively traded on several dark web forums on [Current Date], almost 6 years after the initial compromise. The age of the breach is significant; many users may have reused these credentials on other platforms, making this a potential cascading risk. What caught our attention was the fact that the passwords were stored as MD5 hashes, an outdated and easily crackable hashing algorithm. This poses a significant risk, as even weak passwords can be recovered relatively quickly using modern cracking tools.

This breach matters to enterprises now because it underscores the persistent threat of credential stuffing and the importance of monitoring for leaked credentials, even from seemingly minor or long-past incidents. It also highlights the ongoing need for organizations to educate their users about password reuse and to implement robust password security measures, including modern hashing algorithms and multi-factor authentication. This event serves as a reminder that breaches, regardless of their initial impact, can have long-lasting consequences due to the enduring value of compromised credentials in the hands of malicious actors. The re-emergence of this data aligns with a broader trend of attackers leveraging older breaches for credential stuffing attacks, automating the process of testing leaked credentials against various online services.

Key point: Total records exposed: 24,993

Key point: Types of data included: Email addresses, MD5 password hashes

Key point: Sensitive content types: Potentially names and addresses associated with accounts (not directly confirmed in the leak, but inferred from e-commerce context)

Key point: Source structure: Likely a database dump (details not explicitly provided in initial reports)

Key point: Leak location(s): Dark web forums, Telegram channels specializing in combolists

Key point: Date of first appearance: January 2018 (initial breach), [Current Date] (re-emergence on dark web forums)

External Context & Supporting Evidence

While the initial 2018 breach of Magic and Arts did not receive widespread media coverage, similar incidents involving e-commerce platforms and outdated security practices have been reported by outlets like BleepingComputer and TechCrunch. These reports highlight the ongoing challenges faced by smaller businesses in maintaining adequate cybersecurity. Furthermore, discussions on security-focused subreddits (e.g., r/netsec) frequently address the risks associated with MD5 hashing and the importance of migrating to more secure alternatives like bcrypt or Argon2. Several online forums dedicated to cracking and password recovery also feature tutorials and tools specifically designed to crack MD5 hashes, underscoring the ease with which these passwords can be compromised. One Telegram post claimed the files were part of a larger collection of e-commerce site breaches being compiled for credential stuffing campaigns.

Email · Address · Password · Hash