Full Report
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
Analysis Summary
# Incident Report: Latest Pilot Jobs Data Breach
## Executive Summary
In August 2022, the Latest Pilot Jobs website experienced a data breach resulting in the exposure of 119,000 user records, including emails, names, usernames, and unsalted MD5 password hashes. The compromised data was later observed circulating on a hacking forum. The primary response action recommended to users was immediate password changes and enabling Two-Factor Authentication (2FA).
## Incident Details
- Discovery Date: October 3, 2025 (Date added to HIBP listing)
- Incident Date: August 2022
- Affected Organization: Latest Pilot Jobs
- Sector: Job Board/Recruitment Services (Inferred)
- Geography: Not disclosed
## Timeline of Events
### Initial Access
- Date/Time: August 2022
- Vector: Unknown (Implied vulnerability exploitation or SQL injection leading to database access)
- Details: Attackers successfully accessed and exfiltrated a subset of user data.
### Lateral Movement
- Not detailed in the source material.
### Data Exfiltration/Impact
- 119,000 unique email addresses, names, usernames, and unsalted MD5 password hashes were exfiltrated.
### Detection & Response
- Detection: The breach surfaced later when the data appeared on a hacking forum.
- Response actions taken: Primarily external response focused on notifying affected users through platforms like Have I Been Pwned (HIBP), advising password resets and 2FA implementation.
## Attack Methodology
- Initial Access: Undisclosed.
- Persistence: Not detailed.
- Privilege Escalation: Not detailed.
- Defense Evasion: Not detailed.
- Credential Access: Direct access to password hashes (unsalted MD5).
- Discovery: Not detailed.
- Lateral Movement: Not detailed.
- Collection: Database records containing user PII and credentials.
- Exfiltration: Data spread via hacking forums.
- Impact: Exposure of credentials and personal data.
## Impact Assessment
- Financial: Not available.
- Data Breach: 118.9 thousand records containing emails, names, usernames, and unsalted MD5 password hashes.
- Operational: Not detailed (likely minimal external impact, focused on internal data compromise).
- Reputational: Damage due to public data exposure on hacking forums.
## Indicators of Compromise
- Network indicators: None provided (Defanged).
- File indicators: None provided.
- Behavioral indicators: Unauthorized access to user credential database.
## Response Actions
- Containment: Not detailed, presumed to be patching the vulnerability post-incident.
- Eradication: Not detailed.
- Recovery actions: Advising users to change passwords and enable 2FA on the service.
## Lessons Learned
- Unsalted MD5 hashes provide very weak security; immediate migration off this hashing scheme is critical.
- Data monitoring and timely disclosure are essential, as the data surfaced publicly months after the actual incident.
- Relying solely on weak password hashing is inadequate for protecting user integrity.
## Recommendations
- Immediately implement modern, salt-and-peppered hashing algorithms (e.g., Argon2 or bcrypt) for all stored passwords.
- Mandate or strongly encourage the use of Two-Factor Authentication (2FA) for all user accounts.
- Conduct regular internal audits to ensure PII/credential storage meets current security standards.