SnazzyJobs

We've been tracking the resurgence of older breach datasets appearing in credential stuffing attacks, often targeting smaller businesses that may not have the most robust security postures. Our team identified a recent spike in activity involving credentials associated with a now-defunct job board. What struck us wasn't the size of the breach itself, but the continued viability of these older credentials in modern attacks, suggesting users may be reusing passwords across multiple platforms. This particular breach, from a site called SnazzyJobs, highlights the long tail of risk associated with even relatively small data exposures.

The Defunct Job Board's Lingering Shadow

In August 2018, a dataset containing 16,579 user records from SnazzyJobs, an Ireland-based employment website, was leaked on underground sources and has recently resurfaced. The data included email addresses and password hashes, the format of which remains unspecified in available reporting. The site itself is now defunct, but the harvested credentials are still circulating.

The breach initially caught our attention due to its appearance in several recent combolists targeting specific industries. While the individual records are not new, their continued presence in active attack campaigns suggests that a significant portion of the affected users have not updated their passwords on other platforms. This makes them vulnerable to credential stuffing attacks, where attackers use leaked username/password combinations to attempt to gain access to other accounts.

This breach matters to enterprises now because it underscores the importance of proactive credential monitoring. Even seemingly minor data breaches from years ago can pose a significant risk if employees have reused their passwords. The SnazzyJobs leak serves as a reminder that older breaches can be weaponized for years to come, especially given the automation of attacks using tools readily available on Telegram channels and dark web marketplaces.

Key point: Total records exposed: 16,579

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: Potentially PII depending on password recovery questions linked to the email addresses.

Key point: Source structure: Unknown database format.

Key point: Leak location(s): Underground forums, combolists.

Key point: Date of first appearance: August 26, 2018

External Context & Supporting Evidence

While the SnazzyJobs breach itself didn't receive widespread media coverage at the time, similar breaches of smaller websites have been reported by outlets like BleepingComputer, highlighting the ongoing risk of data exposure from smaller, less secure platforms. The reuse of credentials obtained from such breaches is a common theme in many recent threat reports, including those detailing the activities of stealer logs sold on Telegram. This underscores the need for enterprises to monitor for compromised credentials associated with their domains and employees, regardless of the source of the breach. One Telegram post claimed the files were useful for "cracking accounts on smaller SaaS platforms".

Email · Address · Password · Hash