TuttoWrestling

We noticed a significant data leak surfacing on a well-known hacking forum on April 2nd, 2018. The dataset, originating from TuttoWrestling, an Italian online community and news hub for wrestling enthusiasts, contained over ten thousand user records. What struck us was the inclusion of phpBB hashed passwords, a common vulnerability in older forum software, suggesting a potential exploitation of known weaknesses. The nature of the exposed data, particularly the combination of email addresses and password hashes, presents a clear risk of credential stuffing attacks against both the TuttoWrestling platform and potentially other services where users might have reused credentials.

The breach breakdown reveals that 10,210 records were compromised from TuttoWrestling. The exposed data types are primarily email addresses and password hashes, specifically those generated by the phpBB forum software. The source structure appears to be a direct database dump, likely acquired through SQL injection or other database exploitation methods. The leak occurred on a prominent hacking forum, indicating a deliberate effort to disseminate the compromised information. The threat themes here are clear: credential harvesting for account takeover and potential for further phishing or social engineering attacks leveraging the email addresses. The use of a common forum software also points to a potential pattern of exploitation against similar platforms.

While there was no immediate widespread news coverage directly tied to this specific TuttoWrestling leak at the time of its discovery, the nature of the data and the platform it originated from suggests it likely contributed to the broader trend of compromised forum credentials being weaponized. Research into phpBB vulnerabilities around 2018 would likely reveal numerous discussions and exploits targeting its hashing mechanisms, making this leak a predictable outcome for unpatched or misconfigured installations. OSINT checks at the time would have confirmed the forum's reputation for hosting such compromised datasets, underscoring the importance of proactive security measures for any online community platform.