MrRental

We've been tracking a concerning trend of older breaches resurfacing in new contexts, often amplified by the proliferation of credential stuffing attacks and the increasing sophistication of password cracking tools. What really struck us about this particular incident wasn't the size of the breach itself, but the longevity of its potential impact. The data from **MrRental**, a site that suffered a breach back in **September 2019**, is still circulating and potentially being used in attacks today. The persistence of this data underscores the long tail of risk associated with even seemingly "old" breaches.

MrRental's 2019 Breach: A Legacy of Risk

The breach at MrRental, which occurred in September 2019, exposed over 1.9 million user records. The data surfaced again this week on a popular Telegram channel known for aggregating and selling breached databases. What caught our attention was the relatively high proportion of valid email addresses still in use, suggesting that a significant number of affected users have not changed their passwords or migrated to new accounts. This makes the data particularly valuable to attackers looking to compromise existing accounts through credential stuffing attacks.

The breach itself was a database leak containing sensitive user information. The data included:

Key point: Total records exposed: 1,930,661

Key point: Types of data included: Email Addresses, Password Hashes (likely MD5), Usernames, Birthdays, Salts

Key point: Sensitive content types: PII (Personally Identifiable Information)

Key point: Source structure: Database Dump

Key point: Leak location(s): Telegram channel

Key point: Date of first appearance: September 1, 2019

The use of MD5 hashes for password storage is a critical vulnerability. As has been widely documented, MD5 is considered cryptographically broken and can be cracked relatively easily using readily available tools and rainbow tables. This means that the passwords associated with these accounts are likely compromised. The risk is further compounded by the fact that many users reuse passwords across multiple accounts, increasing the potential for cascading breaches.

External Context & Supporting Evidence

While the MrRental breach itself didn't garner significant media attention at the time, similar breaches of smaller online platforms have been reported on by outlets like BleepingComputer, highlighting the vulnerability of smaller organizations to data breaches. The re-emergence of this data is consistent with trends observed across various threat intelligence platforms, where older breach datasets are often repackaged and sold to new audiences. One Telegram post we observed claimed the database was being offered "for fresh credential stuffing campaigns," further underscoring the active exploitation of this data.

Email · Address · Password · Hash · Username · Birthday · Salt