TradeXcel Graphics (CutoutHub)

We've observed a concerning trend of data breaches targeting smaller businesses, particularly those handling sensitive customer information but potentially lacking enterprise-grade security. Our team noticed a recent listing on a popular breach forum advertising a database from **TradeXcel Graphics (CutoutHub)**, a company specializing in graphic design services. What really struck us wasn't the size of the breach—only **741** records—but the breadth of personal data exposed, including password hashes and birthdays, making it a prime target for credential stuffing and identity theft. The fact that a graphics company, not typically associated with high-value data, could be compromised in this way highlights the pervasive risk across all sectors.

TradeXcel Graphics Breach: A Small Leak with Big Implications

On **January 29, 2023**, a database belonging to **TradeXcel Graphics (CutoutHub)** surfaced on a well-known breach forum. While the total number of records was relatively small, the nature of the data exposed raised immediate concerns. The database contained a mix of personal and account information, creating a significant risk for affected individuals. This incident underscores how even smaller entities can become attractive targets for cybercriminals seeking personal data.

The breach was discovered through routine monitoring of underground marketplaces and forums known for trading in stolen data. The listing specifically advertised a database dump from **TradeXcel Graphics**, detailing the types of data included. The combination of email addresses, phone numbers, password hashes, full names, genders, and birthdays immediately caught our attention due to its potential for identity theft and targeted phishing campaigns. The fact that the passwords were hashed using bcrypt, while better than no protection, doesn't eliminate the risk of them being cracked using readily available tools.

This breach matters to enterprises because it highlights the downstream risk associated with third-party vendors. Even if an organization has robust internal security, its data can be compromised if a smaller vendor with access to that data suffers a breach. Furthermore, the types of data exposed in this breach are commonly used in credential stuffing attacks, where attackers attempt to reuse stolen credentials across multiple online services. This incident ties into the broader threat theme of supply chain risk and the importance of thoroughly vetting the security practices of all third-party providers.

Key point: Total records exposed: **741**

Key point: Types of data included: Email Address, Phone Number, Password Hash (**bcrypt**), First Name, Last Name, Gender, Birthday

Key point: Sensitive content types: PII

Key point: Source structure: Database dump

Key point: Leak location(s): Breach Forum

Key point: Date of first appearance: **January 29, 2023**

External Context & Supporting Evidence

While specific news coverage of this particular TradeXcel Graphics breach is limited, similar incidents involving smaller businesses are frequently reported. For example, BleepingComputer regularly covers breaches impacting smaller organizations, highlighting the increasing trend of cyberattacks targeting entities with weaker security postures. These reports often emphasize the same risks present in the TradeXcel Graphics breach: the potential for identity theft, credential stuffing, and targeted phishing attacks.

Discussions on relevant forums and Telegram channels often revolve around the monetization of breached data. One common theme is the use of breached email/password combinations for credential stuffing attacks against popular online services. While we don't have specific quotes related to this TradeXcel Graphics breach, the general sentiment underscores the real-world impact of even relatively small data leaks.

Email · Address · Phone · Number · Password · Hash · First · Name · Last · Gender · Birthday