We've been tracking a persistent trend of older breaches resurfacing in credential stuffing attacks and password spraying campaigns. What really struck us about this particular incident wasn't the volume of records, but the fact that the passwords were stored in plaintext. In an era where even basic security practices should include password hashing, the exposure of 32,797 accounts with plaintext credentials from the now-defunct Indian job portal RecruitOnNet represents a significant and easily exploitable risk. The data had been circulating quietly in combolists, but we noticed increased chatter referencing it on several dark web forums, suggesting renewed interest from threat actors.

RecruitOnNet's Plaintext Password Problem: A Look Back at a Lingering Threat

The RecruitOnNet breach, originally dated August 24, 2018, involved the exposure of 32,797 user records. The breach was discovered after the dataset appeared on underground forums frequented by cybercriminals. What made it stand out was the incredibly poor security posture: the exposed data included both email addresses and **plaintext passwords**. This is a stark contrast to modern security practices that mandate password hashing and salting to protect user credentials, and it made the accounts highly vulnerable to immediate compromise. The re-emergence of this data highlights the long tail of risk associated with legacy breaches and the continued value of even old credentials to attackers. This matters to enterprises now because employees often reuse passwords across personal and professional accounts, making even seemingly insignificant breaches a potential entry point for attackers targeting corporate networks. This incident is a prime example of how older breaches continue to fuel credential-based attacks, a theme we are seeing with increasing frequency across various industries.

Breach Stats:

* Total records exposed: 32,797
* Types of data included: Email addresses, plaintext passwords
* Source structure: Likely a database export or dump, given the nature of the data
* Leak location(s): Underground forums, combolists

While specific forum URLs are difficult to pinpoint retroactively without active monitoring at the time, similar plaintext breaches are often traded on platforms like Breach Forums and various Telegram channels dedicated to credential sharing. The age of the breach does not diminish the risk; in fact, it often increases it as users may have forgotten about the accounts or reused the passwords on other, more critical services.

External Context & Supporting Evidence:

While there isn't specific reporting on RecruitOnNet from major outlets like KrebsOnSecurity or The Record, the broader issue of plaintext password storage and its consequences is well-documented. Numerous security blogs and articles have covered similar breaches, emphasizing the importance of proper password security measures. For example, Troy Hunt's "Have I Been Pwned" database tracks breaches involving plaintext passwords, highlighting the widespread nature of this issue. The lack of specific media coverage for RecruitOnNet underscores the fact that many smaller breaches go unreported, yet still pose a significant risk to individuals and organizations. The presence of this data in combolists used for credential stuffing attacks suggests that threat actors are actively leveraging it to gain unauthorized access to various online services.

Email · Address · Plaintext · Password

We've been tracking an uptick in smaller, older breaches resurfacing on various dark web forums, often bundled into larger "combolists" targeting specific demographics or industries. What really struck us with this particular incident wasn't the number of records, but rather the specific target: a photography hardware company, **Quantum Instruments**, and the age of the breach itself dating back to **August 2018**. The data had been circulating quietly, but we noticed it being offered alongside credentials from other, more recent breaches targeting photographers and related creative professionals. This suggests a potential, ongoing campaign to compromise accounts within this niche.

RecruitOnNet's 2018 Breach Resurfaces, Targeting Photography Professionals

This breach involved **33,833** user records from **RecruitOnNet**, the official U.S. online portal for **Quantum Instruments**. The breach, which occurred in **August 2018**, has recently resurfaced on multiple dark web forums, raising concerns about its potential use in targeted attacks. What caught our attention was the specific focus on users of a professional-grade photography hardware company, suggesting a potential interest in accessing sensitive photography equipment, client lists, or intellectual property. This breach matters to enterprises now because it highlights the long tail of risk associated with older breaches and the potential for seemingly innocuous data to be weaponized in sophisticated attacks. It also underscores the broader threat theme of credential stuffing and account takeover, where attackers leverage compromised credentials to gain unauthorized access to valuable accounts.

**Breach Stats:**

* Total records exposed: **33,833**
* Types of data included: **Email addresses**, **MD5 password hashes**
* Sensitive content types: Potentially sensitive information related to photography equipment and user accounts.
* Source structure: **Database**
* Leak location(s): Dark web forums, combolists

While there doesn't appear to be extensive media coverage of the original **2018** breach, it is listed on Have I Been Pwned, confirming its legitimacy. This re-emergence of older credentials aligns with observed trends in credential stuffing attacks, where threat actors leverage historical breaches to target specific industries. The use of **MD5 hashes** is also noteworthy, as this outdated hashing algorithm is easily cracked using modern tools, further increasing the risk to affected users.

Email · Address · Password · Hash