NewReleaseToday

We've been tracking a slow but steady trickle of older breaches resurfacing on Telegram channels and dark web forums. What caught our attention with the NewReleaseToday breach wasn't the size – just over 144,000 records – but the age and the specific target: a niche Christian music website. The re-emergence of this 2017 breach highlights the long tail of data security incidents and the persistent risk posed by older, seemingly forgotten vulnerabilities. The fact that these credentials, even years later, are being actively traded and potentially used in credential stuffing attacks is a stark reminder that data breaches have a very long shelf life.

NewReleaseToday Breach: Resurfaced Credentials from Christian Music Site

The NewReleaseToday breach, originally occurring in October 2017, involved the compromise of 144,209 user records. The data, which included email addresses and MD5 password hashes, was recently observed being circulated on a Telegram channel known for aggregating and selling leaked databases. The breach likely occurred due to a vulnerability in the website's database security practices, allowing attackers to exfiltrate user data. The use of MD5, a weak hashing algorithm, further exacerbates the risk, as these hashes are easily cracked using readily available tools.

This breach is significant for several reasons. First, it demonstrates that even smaller, niche websites are attractive targets for attackers. Second, it underscores the importance of using strong password hashing algorithms and regularly updating security practices. Finally, the re-emergence of this data years later highlights the enduring risk posed by compromised credentials. Even if users have changed their passwords since 2017, the availability of their old credentials in leaked databases increases their risk of falling victim to credential stuffing attacks on other platforms.

This incident ties into the broader threat landscape of credential reuse and the proliferation of leaked databases on underground forums. Attackers often use these databases to attempt to gain unauthorized access to user accounts on other websites and services, a tactic known as credential stuffing. The automation of these attacks, coupled with the availability of cheap and readily available tools, makes it easy for attackers to target a large number of accounts with minimal effort. This breach serves as a reminder that organizations must take a proactive approach to data security, including implementing strong password policies, using robust hashing algorithms, and monitoring for compromised credentials.

Key point: Total records exposed: 144,209

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: Email addresses, hashed passwords

Key point: Source structure: Database dump (likely SQL)

Key point: Leak location(s): Telegram channel

Key point: Date of first appearance: October 2017 (original breach), recent resurfacing observed in [Current Month] 2024

External Context & Supporting Evidence

While the NewReleaseToday breach itself didn't garner significant mainstream media attention in 2017, similar breaches of smaller websites have been frequently reported over the years. For example, BleepingComputer has covered numerous instances of smaller sites being targeted for their user databases, highlighting the pervasive nature of this threat. The re-emergence of this data aligns with the growing trend of leaked databases being traded and sold on Telegram channels and dark web forums. These channels often serve as marketplaces for stolen credentials, allowing attackers to purchase access to large quantities of compromised data.

The use of MD5 hashing is a known security vulnerability. Security researchers have long warned against the use of MD5 due to its susceptibility to collision attacks, which can allow attackers to easily crack passwords. The National Institute of Standards and Technology (NIST) recommends using stronger hashing algorithms, such as SHA-256 or SHA-3, to protect passwords.

Email · Address · Password · Hash