The Diabetic Skillet

We've been tracking the resurgence of older breach datasets appearing on various hacking forums, often repackaged as "combolists" targeting specific demographics or interests. What caught our attention with **The Diabetic Skillet** breach wasn't its size – at just over **9,000** records, it's relatively small – but the fact that it resurfaced after several years of dormancy, now being actively traded and used in credential stuffing attacks. This suggests a renewed interest in targeting niche websites with potentially vulnerable user bases.

The Diabetic Skillet Breach: 9,264 Accounts Resurface in Combolists

The Diabetic Skillet, a now-defunct recipe website focused on diabetic-friendly meal planning, suffered a data breach in **August 2018**. The breach, which impacted **9,264** users, involved the exposure of email addresses and MD5-hashed passwords. The data was initially leaked on a prominent hacking forum, but has recently resurfaced in combolists circulating across various online platforms.

The re-emergence of this breach is noteworthy for a few reasons. First, it highlights the long shelf life of compromised data and its continued value to malicious actors. Second, it suggests a potential increase in targeted attacks against individuals with specific health conditions, possibly for phishing or other scams. Finally, the use of MD5 hashing, while common at the time, is now considered weak and easily crackable, meaning many of these passwords are likely compromised.

This breach matters to enterprises because it underscores the importance of monitoring for leaked credentials, even from seemingly insignificant sources. Users often reuse passwords across multiple platforms, so a breach on a small website can expose credentials that unlock access to more valuable accounts. The re-emergence of older breaches in combolists is a trend that security teams should be actively tracking, as it can provide early warning of potential credential stuffing attacks.

Key point: Total records exposed: 9,264

Key point: Types of data included: Email addresses, MD5 password hashes

Key point: Sensitive content types: Potentially health-related information due to the nature of the website

Key point: Source structure: Unknown, likely a database export

Key point: Leak location(s): Prominent hacking forum, various combolists

Key point: Date of first appearance: August 26, 2018 (initially); recent re-emergence

While specific details about the initial leak location are scarce, similar breaches from that era often appeared on forums like RaidForums (now defunct, but archived) and various dark web marketplaces. The practice of compiling and trading combolists is well-documented. Security researcher Troy Hunt, creator of Have I Been Pwned?, has written extensively on the risks associated with password reuse and the importance of monitoring for compromised credentials. The appearance of The Diabetic Skillet data in these lists reinforces the need for proactive password management and monitoring strategies.

Email · Address · Password · Hash