ScienceAsia

We've seen a consistent pattern of older breaches resurfacing in recent combolists, often targeting smaller or niche platforms that may not have the resources for robust security. Our team recently identified one such instance: a data breach impacting ScienceAsia, a scientific journal, which originally occurred in August 2018. What really struck us wasn't the size of the breach—18,252 records—but the longevity of the data and its continued presence in circulation. This highlights the persistent risk posed by older breaches and the need for continuous monitoring and proactive defense measures.

ScienceAsia Breach: 18k+ Email Addresses and Password Hashes Resurface

The ScienceAsia breach, which occurred nearly six years ago, exposed the email addresses and password hashes of 18,252 users. The data had been circulating quietly in underground channels, but we noticed a recent spike in its appearance within known combolists used for credential stuffing attacks. This suggests an ongoing effort to exploit these credentials, despite the age of the breach. The official portal of ScienceAsia, a peer-reviewed journal published by the Science Society of Thailand, was the original source of the compromised data.

The breach caught our attention due to the structured nature of the data and its persistence in various combolists. While the number of records is relatively small compared to mega-breaches, the targeted nature of the journal suggests a potential interest in scientific research data or access to academic networks. This matters to enterprises now because it underscores the long-term risk associated with even seemingly minor breaches. The credentials could be used to pivot into other systems or gain access to sensitive information within affiliated organizations.

This incident aligns with broader threat themes involving the aggregation and exploitation of older data breaches. Combolists, often traded and sold on platforms like Telegram and various dark web marketplaces, combine credentials from multiple sources, increasing the likelihood of a successful match. This breach serves as a reminder that organizations must remain vigilant about monitoring for compromised credentials, even those originating from older incidents. Protecting against credential stuffing attacks and implementing multi-factor authentication are crucial steps in mitigating this risk.

Key point: Total records exposed: 18,252

Key point: Types of data included: Email Addresses, Password Hashes

Key point: Sensitive content types: Potentially access to scientific research data

Key point: Source structure: Unknown format

Key point: Leak location(s): Underground forums, combolists, Telegram channels

Key point: Date of first appearance: August 26, 2018

While specific details about the original breach and its handling are scarce in mainstream media, the re-emergence of this data highlights the challenges of securing online platforms, especially those with limited resources. Discussions on security-focused forums often emphasize the importance of robust password hashing algorithms and proactive monitoring for compromised credentials. As one security researcher noted on X (Twitter), "Old breaches never truly die; they just resurface at the worst possible moment."

Email · Address · Password · Hash