SuperBetter

We've been tracking a worrying trend of older breaches resurfacing in aggregated combolists, often catching organizations off guard years after the initial incident. What really struck us about the recent appearance of the SuperBetter data wasn't the relatively low volume of records, but the fact that passwords were stored in plaintext. This is an egregious security lapse, even by 2017 standards, and its reappearance highlights the long tail of risk associated with poor data security practices. The data had been circulating quietly for some time, but we noticed a spike in chatter on several dark web forums, indicating renewed interest in these credentials.

The Gamified Mental Health App That Exposed 34k Passwords in Plaintext

SuperBetter, a US-based gamified mental health app, suffered a data breach in May 2017, exposing approximately 34,000 unique records. The breach, which involved a database compromise, resulted in the exposure of email addresses and, critically, passwords stored in plaintext. The compromised data was subsequently shared on a prominent hacking forum, making it readily accessible to malicious actors. This incident underscores the ongoing risk posed by legacy security vulnerabilities and the potential for old breaches to be weaponized in credential stuffing attacks.

The breach was discovered when the data appeared on a well-known hacking forum. What caught our attention was the blatant storage of passwords in plaintext, a practice that should have been phased out long before 2017. This significantly amplifies the risk, as compromised credentials can be immediately used to access other accounts. The incident matters to enterprises now because these credentials may still be valid on other platforms, particularly if users haven't updated their passwords since 2017. The re-emergence of this data highlights the enduring threat of credential reuse and the need for continuous monitoring of leaked data for compromised credentials.

Key point: Total records exposed: 34,043

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Database Dump (inferred)

Key point: Leak location(s): Prominent hacking forum (specific URL unavailable)

Key point: Date of first appearance: May 22, 2017

While there was limited mainstream media coverage of the SuperBetter breach at the time, the incident was documented on several security-focused websites and forums. Security researcher Troy Hunt added the breach to Have I Been Pwned on May 22 2017, further validating the authenticity and impact of the leak. Discussions on Reddit and other platforms at the time focused on the poor security practices employed by SuperBetter, particularly the storage of passwords in plaintext. One user on Reddit commented that it was "unbelievable that a company handling sensitive health information would be so lax with security."

Email · Address · Plaintext · Password