RecruitOnNet

We've been tracking an uptick in smaller, older breaches resurfacing on various dark web forums, often bundled into larger "combolists" targeting specific demographics or industries. What really struck us with this particular incident wasn't the number of records, but rather the specific target: a photography hardware company, **Quantum Instruments**, and the age of the breach itself dating back to **August 2018**. The data had been circulating quietly, but we noticed it being offered alongside credentials from other, more recent breaches targeting photographers and related creative professionals. This suggests a potential, ongoing campaign to compromise accounts within this niche.

RecruitOnNet's 2018 Breach Resurfaces, Targeting Photography Professionals

This breach involved **33,833** user records from **RecruitOnNet**, the official U.S. online portal for **Quantum Instruments**. The breach, which occurred in **August 2018**, has recently resurfaced on multiple dark web forums, raising concerns about its potential use in targeted attacks. What caught our attention was the specific focus on users of a professional-grade photography hardware company, suggesting a potential interest in accessing sensitive photography equipment, client lists, or intellectual property. This breach matters to enterprises now because it highlights the long tail of risk associated with older breaches and the potential for seemingly innocuous data to be weaponized in sophisticated attacks. It also underscores the broader threat theme of credential stuffing and account takeover, where attackers leverage compromised credentials to gain unauthorized access to valuable accounts.

**Breach Stats:**

* Total records exposed: **33,833**
* Types of data included: **Email addresses**, **MD5 password hashes**
* Sensitive content types: Potentially sensitive information related to photography equipment and user accounts.
* Source structure: **Database**
* Leak location(s): Dark web forums, combolists

While there doesn't appear to be extensive media coverage of the original **2018** breach, it is listed on Have I Been Pwned, confirming its legitimacy. This re-emergence of older credentials aligns with observed trends in credential stuffing attacks, where threat actors leverage historical breaches to target specific industries. The use of **MD5 hashes** is also noteworthy, as this outdated hashing algorithm is easily cracked using modern tools, further increasing the risk to affected users.

Email · Address · Password · Hash