Psiquiatria

We've been tracking a resurgence of older breaches appearing in aggregated dumps on Telegram channels, often repackaged with promises of "new" data. What caught our attention wasn't the size of this particular dataset, but the age and potential for password reuse. The Psiquiatria breach from August 2018, affecting 155,192 users, resurfaced this week. While seemingly insignificant on its own, the use of weak MD5 password hashes in the original breach, combined with the years that have passed, significantly elevates the risk.

Psiquiatria's 2018 Breach Resurfaces, Highlighting Password Reuse Risks

The Psiquiatria breach, initially reported in August 2018, exposed 155,192 user records. The data includes email addresses and MD5 password hashes. The data was discovered on a Telegram channel known for aggregating and reselling older breach data. While the initial impact may have seemed limited at the time, the re-emergence of this data underscores the persistent threat posed by password reuse and the longevity of breached credentials. The relatively small size of the breach is offset by the use of an outdated hashing algorithm.

What makes this breach relevant now is the continued prevalence of password reuse. Users who haven't updated their passwords since 2018 are at risk of having their accounts compromised across various platforms. Threat actors often target older breaches to harvest credentials for credential stuffing attacks, where they attempt to log in to multiple services using the exposed usernames and passwords. Given the age of this breach, it is highly probable that many users have reused their passwords on other, more critical platforms.

Key point: Total records exposed: 155,192

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: Credentials

Key point: Source structure: Database

Key point: Leak location(s): Telegram channels

Key point: Date of first appearance: August 2018 (initially), resurfaced this week.

The re-emergence of the Psiquiatria breach aligns with a broader trend of threat actors targeting older, less-protected datasets. As BleepingComputer has reported, older breaches continue to be a valuable source of credentials for attackers. The ease with which MD5 hashes can be cracked further amplifies the risk. Several online tools and databases, as noted in various cybersecurity research papers, facilitate the rapid cracking of MD5 hashes, making it trivial for attackers to recover the original passwords.

Email · Address · Password · Hash