Phaze Clothing

We've been tracking an uptick in older retail site breaches resurfacing in combolists, often hitting smaller e-commerce platforms that may have deprioritized security after initial development. What caught our attention here wasn't the volume of records from **Phaze Clothing**, a now-defunct UK-based alternative clothing designer, but the age of the breach (**August 2018**) and the continued presence of unsalted **MD5 password hashes** within the dataset. These older breaches, while seemingly less impactful, can still provide attackers with valuable footholds, especially when users reuse credentials across multiple platforms.

Phaze Clothing: 27k Accounts Resurface with Weak Hashing

The **Phaze Clothing** breach, impacting **27,023 users**, highlights the long-tail risk associated with legacy systems and outdated security practices. This data breach, which occurred in **August 2018**, involved the exposure of email addresses and password hashes. The compromised data was subsequently added to various combolists circulating on underground forums. The persistence of this data six years later underscores the importance of proactive security measures and the need for businesses to properly decommission data when ceasing operations.

Key point: Total records exposed: 27,023

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: Potentially reusable credentials

Key point: Source structure: Likely Database Dump (unconfirmed)

Key point: Leak location(s): Combolists on various hacking forums and Telegram channels

Key point: Date of first appearance: August 26, 2018 (initial breach), ongoing in combolists

The use of unsalted **MD5** for password hashing, a practice considered insecure for many years prior to the breach, is particularly concerning. This makes the passwords significantly easier to crack using readily available tools and rainbow tables. Even if the original site is defunct, compromised credentials can be used in credential stuffing attacks targeting other online services where users may have reused their passwords. This breach underscores the importance of using modern cryptographic methods for password storage and regularly auditing security practices, even after a company ceases operations to ensure proper disposal of user data.

While the Phaze Clothing breach itself did not generate widespread media coverage at the time, similar breaches affecting smaller e-commerce sites are frequently reported on security news outlets. For instance, BleepingComputer regularly covers data breaches impacting online retailers, highlighting the ongoing threat to consumer data. The lack of specific reporting on Phaze Clothing likely reflects the company's relatively small size and subsequent closure.

Email · Address · Password · Hash