We've observed a concerning trend of stealer logs surfacing on hacking forums, often containing credentials and other sensitive data harvested from compromised systems. What really struck us with this particular leak wasn't the size, though nearly 4 million records is nothing to dismiss, but the combination of plaintext passwords alongside email addresses and homepage URLs. The availability of plaintext passwords significantly amplifies the risk to affected individuals and organizations. This data had been circulating quietly as part of a larger dump, but we isolated it due to the severity of the exposed credentials.
A stealer log, titled 15Kk ULP, was posted on a prominent hacking forum on March 28, 2024, containing credentials from a site named NEW_DAISYCLOUD-CHAMPIONING – 21_MARCH_0484_ON_CHANNEL, uploaded by a Telegram user. This log, the second in a two-part series released by a threat actor, contained approximately 15 million records. What caught our attention was the inclusion of nearly 4 million unique email addresses paired with plaintext passwords and associated homepage URLs. The fact that passwords were stored in plaintext is a major security lapse, as it makes them immediately usable by attackers.
The breach was discovered when the 15Kk ULP stealer log was posted on a well-known hacking forum. This log file was part of a larger set of compromised data being traded and shared within the cybercriminal community. The combination of plaintext passwords with email addresses and homepage URLs raised immediate concern, indicating a significant compromise of user accounts. This breach matters to enterprises now because it demonstrates the potential for attackers to leverage stealer logs to gain access to sensitive data and user accounts. The incident underscores the critical importance of implementing robust security measures to protect against data breaches and unauthorized access.
Key point: Total records exposed: 3,966,024
Key point: Types of data included: Email Addresses, Plaintext Passwords, Homepage URLs
Key point: Source structure: Stealer Log (15Kk ULP)
Key point: Leak location: Prominent hacking forum, uploaded by a Telegram user.
Key point: Date of first appearance: March 28, 2024
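As an added example (not code from the original post), this sketch shows how a defender could triage records carrying the three fields listed above to find exposed accounts on their own domains without retaining any passwords. The `url:email:password` line layout, the sample lines and the `corp.example` domain are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed layout: <homepage URL>:<email>:<plaintext password>
# Anchoring on the e-mail keeps colons in the URL (scheme, port) and in the password intact.
RECORD = re.compile(
    r"^(?P<url>.+?):(?P<email>[^\s:@/]+@[^\s:@/]+\.[^\s:@/]+):(?P<password>.+)$"
)

# Constructed sample lines, not taken from the leak.
SAMPLE_LINES = [
    "https://portal.example.com:8443/login:alice@corp.example:Spring:2024!",
    "https://mail.example.net/:bob@other.example:hunter2",
    "https://vpn.corp.example/:Alice@Corp.Example:Spring:2024!",
    "android://garbled-entry-without-credentials",
    "https://shop.example.org/account:carol@corp.example:",  # empty password
]

def triage(lines, org_domains):
    """Return ({email: [hosts]}, skipped_count) for accounts in org_domains.

    Passwords are matched only to validate the record; they are never
    stored or returned. Lines that do not fit the layout are counted as skipped.
    """
    org_domains = {d.lower() for d in org_domains}
    exposed = defaultdict(set)
    skipped = 0
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            skipped += 1
            continue
        email = m.group("email").lower()
        if email.rsplit("@", 1)[1] not in org_domains:
            continue
        host = urlsplit(m.group("url")).hostname or "unknown"
        exposed[email].add(host)
    return {e: sorted(h) for e, h in exposed.items()}, skipped

if __name__ == "__main__":
    accounts, skipped = triage(SAMPLE_LINES, {"corp.example"})
    for email, hosts in sorted(accounts.items()):
        print(f"reset and revoke sessions: {email} (seen for: {', '.join(hosts)})")
    print(f"unparseable lines skipped: {skipped}")
```

The output lists each affected account with the hosts its credentials were captured for, which is enough to drive password resets and session revocation.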
The exposure of plaintext passwords aligns with a broader trend of attackers targeting poorly secured databases and systems. Security researcher Bob Diachenko has repeatedly highlighted the dangers of misconfigured databases in reports covered by outlets like BleepingComputer, emphasizing that even without sophisticated hacking techniques, simple misconfigurations can lead to massive data exposure. While we don't know the specific vulnerability exploited in this case, the plaintext storage points to a fundamental security flaw. The practice of storing passwords in plaintext is a known security risk, as highlighted in numerous cybersecurity reports and guidelines. The OWASP (Open Web Application Security Project), a leading authority on web application security, strongly advises against storing passwords in plaintext and recommends the use of robust hashing algorithms.