We've been tracking a surge in older database leaks resurfacing on various dark web forums and Telegram channels. These aren't always new breaches, but rather collections of data from older, sometimes defunct, platforms. What really struck us about this latest dump wasn't the size – roughly 440,000 records – but the specific combination of data points and the unusual source: a website called MOONLOGSFREE, linked to the defunct music sharing site AlbumWash. The data had been circulating quietly, uploaded by user .boxed.pw, but we noticed a spike in mentions across several breach aggregation sites.
The leak appears to stem from a breach of AlbumWash, a music sharing website that is now defunct. The compromised data was uploaded to MOONLOGSFREE on January 1, 2024, and contains a mix of user credentials and IP addresses. What caught our attention was the presence of MD5 hashed passwords, an outdated and easily crackable security measure, suggesting the breach likely occurred some time ago, potentially during AlbumWash's active period. This highlights the ongoing risk posed by legacy systems and the importance of proper data disposal even after a service shuts down.
The breach matters to enterprises now because credential stuffing attacks are rampant. Even if AlbumWash is no longer active, the exposed email addresses and passwords can be used to target users on other platforms. This is especially concerning if users reused passwords across multiple accounts.
This aligns with a broader trend of attackers targeting older databases with weak security measures. The automation of credential harvesting and reuse makes these older leaks a valuable resource for malicious actors. The appearance of the data on Telegram channels further facilitates its distribution and use in attacks.
Key point: Total records exposed: 438,662
Key point: Types of data included: Email Address, Username, IP Address, Password Hash (MD5)
Key point: Source structure: Unknown, but uploaded as a single file by user .boxed.pw to MOONLOGSFREE
Key point: Leak location(s): MOONLOGSFREE, with mentions across various breach aggregation sites and Telegram channels.
While there hasn't been widespread reporting on this specific MOONLOGSFREE/AlbumWash leak, the broader issue of exposed credentials from older breaches is well-documented. Security researcher Troy Hunt's "Have I Been Pwned" database regularly includes data from similar incidents, highlighting the persistent risk of credential reuse. Mentions of similar leaks and credential stuffing techniques are common on cybersecurity forums and threat intelligence feeds.
One Telegram post claimed the files were "another MD5 graveyard," emphasizing the outdated hashing algorithm used and the potential for cracking the passwords. This underscores the need for organizations to monitor for compromised credentials and implement multi-factor authentication to mitigate the risk of account takeover.
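The following is an added example, not part of the original report or of any tool it describes: one way to act on the monitoring and MFA recommendation above is to match leaked records against your own account directory and queue follow-up actions, without ever attempting to recover a password. The column order, sample rows, directory contents and action names are constructed assumptions, since the dump's real layout is unknown.

```python
import csv
import io
import re

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample rows. The page lists the source structure as unknown, so
# the column order (email, username, ip, password hash) is an assumption.
LEAK_SAMPLE = """\
Alice@Example.com,alice,203.0.113.7,0123456789abcdef0123456789abcdef
bob@example.org,bob,198.51.100.20,
 carol@example.net ,carol,192.0.2.55,FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
dave@example.com,dave,192.0.2.9,00112233445566778899aabbccddeeff
"""

# Constructed stand-in for an organization's own account directory.
DIRECTORY = {
    "alice@example.com": {"mfa": False},
    "bob@example.org": {"mfa": True},
    "carol@example.net": {"mfa": True},
}


def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def triage(leak_text, directory):
    """Map each exposed account we own to the follow-up actions it needs."""
    findings = {}
    for row in csv.reader(io.StringIO(leak_text)):
        if len(row) < 4:
            continue  # malformed line: skip rather than guess at fields
        email, pw_hash = normalize(row[0]), row[3].strip()
        account = directory.get(email)
        if account is None:
            continue  # not one of our users
        actions = findings.setdefault(email, set())
        # An MD5-hashed password is treated as a disclosed password.
        actions.add("force_reset" if MD5_HEX.fullmatch(pw_hash) else "notify")
        if not account["mfa"]:
            actions.add("enroll_mfa")
    return {email: sorted(acts) for email, acts in findings.items()}


if __name__ == "__main__":
    for email, actions in triage(LEAK_SAMPLE, DIRECTORY).items():
        print(email, actions)
```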