Ski.bg

We've been tracking a resurgence of older breaches appearing in combined credential lists ("combolists") targeting specific industries. While the individual breaches themselves are not new, their reappearance in readily available formats presents a renewed risk, particularly when plaintext passwords were part of the original leak. What struck us about a recent sample was the continued presence of easily decipherable passwords from a breach dating back to **2018**. The age of the data belies the potential for reuse across other, more critical accounts.

Ski.bg Breach: 11.5k Accounts Exposed with Plaintext Passwords

A breach impacting Ski.bg, a Bulgarian website for ski and snowboard enthusiasts, has resurfaced, exposing 11,505 user records. The data includes email addresses and, critically, plaintext passwords. The breach originally occurred in August 2018 and has now reappeared in combolists circulating on various online forums and marketplaces. This isn't a sophisticated attack; it's the lingering effect of poor security practices from years past.

The renewed availability of this data is concerning for several reasons. First, the use of plaintext passwords indicates a significant lapse in security hygiene on the part of Ski.bg at the time of the breach. Second, even though the breach is several years old, users may have reused these passwords on other accounts, making them vulnerable to credential stuffing attacks. We observed mentions of the Ski.bg breach in a thread on the Breach Forums, with one user noting the ease of cracking the passwords due to their simplicity. This highlights the ongoing risk posed by even seemingly minor breaches when they involve easily compromised credentials.

This breach serves as a stark reminder that legacy vulnerabilities can continue to pose a threat for years to come. The automation of credential stuffing attacks, coupled with the proliferation of combolists, means that even relatively small breaches can have significant consequences. It underscores the importance of proactive password monitoring and the need for organizations to encourage users to adopt unique, complex passwords across all their accounts.

Key point: Total records exposed: 11,505

Key point: Types of data included: Email Address, Plaintext Password

Key point: Sensitive content types: Passwords

Key point: Source structure: Unknown

Key point: Leak location(s): Underground forums, combolists

Key point: Date of first appearance: August 21, 2018 (original breach), resurfacing in 2024 in combolists

External Context & Supporting Evidence

While the Ski.bg breach itself didn't garner widespread media attention, the practice of storing passwords in plaintext has been widely condemned by security experts. Numerous articles and reports from organizations like OWASP (Open Web Application Security Project) emphasize the dangers of this practice and advocate for the use of strong hashing algorithms. The reappearance of this data in combolists aligns with a broader trend of attackers leveraging older breaches for credential stuffing and account takeover attacks. Several threat intelligence platforms track the circulation of combolists and provide indicators of compromise to help organizations identify potentially compromised credentials. The incident highlights the lasting impact of poor security practices and the importance of continuous monitoring for exposed credentials.

Email · Address · Plaintext · Password