We've been tracking a resurgence in older breaches appearing in combolist attacks, and a recent discovery underscored the risk these legacy datasets still pose. What really struck us wasn't the size of this particular leak – just over 10,000 records – but the fact that it contained plaintext passwords. The ease with which these credentials could be immediately weaponized, coupled with the age of the breach, suggests a significant number of users may still be vulnerable across other platforms. This highlights the enduring threat of password reuse and the need for continuous monitoring of exposed credentials, regardless of the original breach date.
In August 2018, Smart Connections, a U.S.-based executive search and consulting firm (now defunct), suffered a data breach. This breach, affecting 10,830 users, recently resurfaced on underground forums and combolist aggregators. The presence of plaintext passwords significantly elevates the risk associated with this leak. We discovered this dataset while monitoring known breach repositories and observed its inclusion in several recent combolist compilations targeting various online services.
The breach caught our attention because the passwords were stored in plaintext. This practice, considered highly insecure even in 2018, allows for immediate compromise of user accounts. The fact that this data is still circulating and being actively used in credential stuffing attacks demonstrates the long tail of risk associated with poor security practices.
This breach matters to enterprises now because it underscores the persistent threat of password reuse. Even if a company wasn't directly affected by the Smart Connections breach, its employees may have used the same credentials on corporate accounts. This necessitates proactive measures like password reset enforcement, multi-factor authentication adoption, and continuous monitoring of employee credentials against known breach databases.
Key point: Total records exposed: 10,830
Key point: Types of data included: Email addresses, plaintext passwords
Key point: Source structure: Unknown, likely a database export
Key point: Leak location(s): Underground forums, combolist aggregators
Key point: Date of first appearance: August 21, 2018
While the Smart Connections breach itself didn't receive widespread media coverage at the time, similar breaches involving plaintext passwords have been extensively reported. For example, KrebsOnSecurity has frequently highlighted the dangers of storing passwords insecurely, emphasizing the ease with which these credentials can be exploited. Furthermore, numerous reports from organizations like Verizon and IBM detail the prevalence of password reuse as a major attack vector. The recurrence of this data in recent combolist attacks underscores the importance of addressing credential-based threats proactively.