Security News > 2021 > February > Florida Water Plant Hack: Leaked Credentials Found in Breach Database

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week.

Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.

Of note, officials have not publicly drawn any connection between the credentials discovered in the leaked credential breach databases and the attack last week.

Researchers with CyberNews recently delved into a breach compilation leaked online by hackers in 2017 and the more recent COMB data trove "To search for credentials from the domain ci.oldsmar.fl.us," according to a blog post published Thursday by Bernard Meyer with CyberNews, and found several matches.

Researchers claim the attackers may have used the credentials acquired from either the 2017 breach compilation or COMB in the hack.

Given the close date of the COMB leak to the attack, it's more likely that it was in this database that attackers found the credentials used in the system breach, Meyer noted.

News URL

https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/