We've been tracking an uptick in breaches affecting Latin American companies, often involving customer databases with relatively limited data types. What struck us about this particular incident wasn't the sophistication of the attack, but the speed with which the data appeared on public channels after the initial compromise. The breach at SuperCines, a major movie theater chain in Ecuador, is a case in point. While the exposed data might seem limited at first glance, the rapid dissemination raises concerns about potential follow-on attacks like phishing and social engineering targeting a specific geographic region.

SuperCines Breach: 59k Customer Records Exposed

In December 2024, a database belonging to SuperCines, Ecuador's leading movie theater chain, was leaked on various illicit channels. The breach, affecting 59,261 users, involved the exposure of personally identifiable information (PII), including phone numbers, full names, and dates. We discovered the leak while monitoring a Telegram channel known for hosting dumps of compromised Latin American databases. What caught our attention was the quick turnaround time – the data appeared within days of the presumed compromise, suggesting a highly efficient exfiltration and distribution process.

This breach matters to enterprises because it highlights the ongoing risk of relatively unsophisticated attacks leading to rapid data exposure. While the specific data types involved (names, phone numbers) might not immediately scream "high risk," they are valuable building blocks for social engineering attacks. Imagine targeted phishing campaigns leveraging movie preferences combined with leaked phone numbers – a potent combination for tricking users into divulging further information or clicking malicious links. The geographic focus on Ecuador also suggests a potential regional threat actor or a targeted campaign.

Key point: Total records exposed: 59,261

Key point: Types of data included: Phone Number, First Name, Last Name

Key point: Source structure: Database

Key point: Leak location(s): Telegram channels

Key point: Date of first appearance: 21-Dec-2024

External Context & Supporting Evidence

While no major news outlets have yet covered this specific breach, the trend of increasing cyberattacks targeting Latin American companies is well-documented. A recent report by Kaspersky highlighted a significant rise in phishing attacks across the region, with a particular focus on sectors like retail and entertainment. This SuperCines breach aligns with that trend, suggesting that regional businesses are increasingly becoming targets for cybercriminals. Furthermore, discussions on Breach Forums indicate a growing interest in monetizing relatively small but geographically targeted datasets, particularly for follow-on social engineering campaigns. One forum post noted that "even basic info like names and numbers can be valuable if you know the region and the language," hinting at the potential for highly localized and effective phishing attacks.

Phone · Number · First · Name · Last

We're increasingly seeing breaches that aren't the result of sophisticated exploits, but rather the aggregation of compromised credentials across numerous smaller incidents. Our team flagged a recent posting on a well-known hacking forum that initially appeared to be just another stealer log. What really struck us wasn't the 10 million records claimed, but the presence of over **2.38 million unique email addresses** associated with a single platform: **SuperCines**, a movie streaming website. The fact that passwords were stored in plaintext, combined with the scale of the exposure, immediately elevated this beyond a typical credential stuffing risk.

SuperCines Breach: 2.38M Accounts Exposed via Stealer Log

A stealer log, titled "**10Kk Ulp (Not Own)**" surfaced on a popular hacking forum on **December 21, 2024**. This log contained a trove of data harvested from compromised systems, and upon analysis, a significant portion of the records were linked to **SuperCines**, a movie streaming platform. The exposed data included **2,389,272 unique email addresses**, along with associated **homepage URLs** and, critically, **passwords stored in plaintext**. This combination of factors makes this breach particularly concerning.

The breach was discovered when our team was monitoring known hacking forums for mentions of compromised databases. The sheer volume of unique email addresses associated with SuperCines within the stealer log is what initially caught our attention. Further investigation revealed that the passwords were not hashed or encrypted, a security lapse that significantly increases the risk of account takeover.

This incident matters to enterprises because it demonstrates the ongoing threat of credential harvesting and the potential for seemingly minor breaches to aggregate into significant exposures. Even if an organization doesn't directly use SuperCines, employees may have reused their corporate email and password on the platform, creating a pathway for attackers to gain access to sensitive internal systems. This highlights the persistent danger of password reuse across personal and professional accounts, a threat vector actively exploited through stealer logs and credential stuffing attacks. The lack of basic security measures such as password hashing on SuperCines demonstrates a systemic security failing that can have cascading consequences.

Key point: Total records exposed: 2,389,272

Key point: Types of data included: Email Address, HomePage URL, Plaintext Password

Key point: Sensitive content types: PII

Key point: Source structure: Stealer Log

Key point: Leak location(s): Popular hacking forum

Key point: Date of first appearance: December 21, 2024

The prevalence of stealer logs as a source of breached data is a growing trend. Security researchers at BleepingComputer have reported extensively on the rise of information-stealing malware like "AMOS Stealer," which specifically targets crypto wallets and browser extensions, highlighting the diverse range of data that can be compromised through these logs. This SuperCines breach underscores the need for robust password management practices and multi-factor authentication to mitigate the risks associated with compromised credentials obtained through stealer logs and similar sources.

Email · Address · Homepage · Url · Plaintext · Password