QuickBooks

We've observed a concerning trend of older breaches resurfacing in new combolists, often targeting users who may have become complacent about legacy account security. This incident came to our attention while tracking activity on a well-known hacking forum where older datasets are frequently traded and combined. What really struck us wasn't the size of the breach itself, but the fact that it involved plaintext passwords from QuickBooks, a popular financial software used by many businesses. This combination of sensitive application data and easily deciphered credentials poses an elevated risk to organizations.

QuickBooks User Credentials Exposed in Resurfaced 2018 Breach

A data breach impacting 23,880 QuickBooks users has resurfaced, highlighting the long-tail risk associated with older security incidents. The breach, which originally occurred in August 2018 at the French ecommerce platform Esistoire, exposed email addresses and, more critically, passwords stored in plaintext. This data has now been circulating on hacking forums, increasing the likelihood of credential stuffing attacks against QuickBooks accounts and potentially other services where users may have reused the same passwords.

The breach was initially identified in August 2018 when the Esistoire database was compromised. The exposed data was subsequently shared on a popular hacking forum, where it has been periodically re-shared and incorporated into larger combolists. What caught our attention was the presence of QuickBooks user credentials within this dataset. Given the sensitive nature of financial data managed through QuickBooks, the exposure of plaintext passwords represents a significant security risk for affected businesses.

This incident matters to enterprises now because it underscores the importance of proactive password management and monitoring for leaked credentials, even from seemingly unrelated or older breaches. The use of plaintext passwords is an outdated and highly insecure practice, and its presence in a breach from 2018 highlights the need for organizations to adopt modern authentication methods, such as multi-factor authentication (MFA) and password hashing algorithms. This event highlights the automation of attacks by combining older breaches with credential stuffing tools to compromise critical business accounts.

Key point: Total records exposed: 23,880

Key point: Types of data included: Email Address, Plaintext Password

Key point: Sensitive content types: Potentially financial data accessible through compromised QuickBooks accounts

Key point: Source structure: Database, Combolist

Key point: Leak location(s): Popular hacking forum

Key point: Date of first appearance: August 2018 (Esistoire breach), resurfaced recently

Security researcher Troy Hunt added the Esistoire breach to Have I Been Pwned? in 2018, noting the severity of plaintext password storage. As Hunt stated, "Storing passwords in plaintext is inexcusable, and it’s a practice that should have been eliminated years ago." The re-emergence of this data underscores the need for constant vigilance and proactive security measures, even years after an initial breach.

Email · Address · Plaintext · Password