RTV (Rajawali Televisi)

We've been tracking the resurgence of older breach datasets, often resurfacing in credential stuffing attacks or being aggregated into larger password dictionaries. What caught our attention with the RTV (Rajawali Televisi) breach wasn't its size, but its age and the fact that it was being actively traded on several smaller, less-monitored dark web forums. The data had been circulating quietly since 2018, but we noticed a recent uptick in mentions alongside discussions about password cracking and account takeover tools targeting Indonesian streaming services. This suggests a renewed interest in leveraging this older data for potentially broader attacks within the region.

RTV Breach: 351k Credentials Resurface in Targeted Campaigns

The RTV (Rajawali Televisi) breach, originally occurring on August 26, 2018, involved the exposure of 351,568 user records. The compromised data includes email addresses and MD5 hashed passwords. While the breach itself is not new, its re-emergence and active trading within certain dark web communities indicates an ongoing threat. This breach initially targeted FullHyderabad, an Indian classified ads platform.

The breach came to our attention after observing increased chatter on several underground forums where older databases are often bartered. The specific mention of RTV credentials alongside discussions of password cracking tools suggested that the data was not simply being archived, but actively being prepared for use in credential stuffing attacks. The focus on Indonesian streaming services also indicated a targeted campaign, rather than a broad, opportunistic attack.

This matters to enterprises now because it highlights the long tail of data breaches. Even years after an initial compromise, exposed credentials can remain a threat, especially if users have reused passwords across multiple platforms. The resurgence of this older data underscores the need for continuous monitoring of dark web channels and proactive measures to identify and mitigate the risk of credential-based attacks. This breach is a reminder that compromised data doesn't simply disappear; it can resurface and be weaponized years later.

Key point: Total records exposed: 351,568

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: User Credentials

Key point: Source structure: Database

Key point: Leak location(s): Dark Web Forums

Key point: Date of first appearance: August 26, 2018

External Context & Supporting Evidence

While the RTV breach itself didn't garner significant mainstream media attention at the time, the practice of leveraging older breach data for credential stuffing is well-documented. Security researchers have repeatedly warned about the risks of password reuse and the long-term impact of data breaches. As BleepingComputer reported in a similar case, "Even older breaches can be a goldmine for attackers if users haven't updated their passwords since the breach occurred."

Further supporting this trend, discussions on security-focused Reddit communities, such as r/netsec, frequently highlight the ongoing threat posed by older credential dumps. One user commented, "It's amazing how many people still use the same password they used 5 or 10 years ago. These old breaches are still incredibly valuable."

Email · Address · Password · Hash