The Poetry Society

We've been tracking a consistent pattern of breaches targeting older, established organizations with limited cybersecurity resources. What really struck us about **The Poetry Society** breach wasn't the volume of records, but the age of the organization and the use of outdated security practices. The data had been circulating quietly for years, but we noticed a recent uptick in its appearance on various dark web forums, suggesting renewed interest from threat actors, possibly for credential stuffing attacks. This highlights the long tail risk associated with legacy systems and data.

The Poetry Society Breach: 30k Records Exposed in Legacy System Compromise

In February 2018, The Poetry Society, a UK-based organization with roots dating back to 1909, suffered a data breach impacting 30,459 users. The breach, which exposed email addresses and password hashes, underscores the vulnerability of older institutions relying on outdated security measures. The incident came to light after a database dump was offered for sale on a now-defunct dark web marketplace.

The breach caught our attention due to the simple fact that it was a small, relatively obscure organization. The use of MD5 password hashes, a cryptographically broken algorithm, also raised concerns about the overall security posture. While not a high-profile target, the compromised data represents a valuable asset for attackers seeking to reuse credentials across other platforms. This type of breach is particularly relevant to enterprises now, as it highlights the risks associated with third-party vendors and potential supply chain vulnerabilities. Even seemingly innocuous organizations can become entry points for broader attacks.

Key point: Total records exposed: 30,459

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: None explicitly, but email addresses can be used for targeted phishing campaigns

Key point: Source structure: Database dump

Key point: Leak location(s): Dark web marketplace (now defunct), various breach forums

Key point: Date of first appearance: 13-Feb-2018

The use of MD5 for password hashing is a significant vulnerability. Security experts have long warned against its use, as it is susceptible to collision attacks, making password cracking relatively easy. As BleepingComputer reported extensively in 2018, many older websites and forums are still using MD5, making them prime targets for credential harvesting. The incident underscores the critical need for organizations to adopt modern cryptographic standards, such as bcrypt or Argon2, to protect user passwords.

Email · Address · Password · Hash