Cyber Incident Victim: The Athenaeum
Date:
Dec 2015
Location:
United Kingdom
Summary
A threat actor using the alias "Rubber" compromised The Athenaeum, exposing data from 1,671 users. The breach involved usernames, passwords stored with cryptographic salts, email addresses, and optional social media details including Twitter, Jabber, and Facebook profiles. The stolen credentials and personal information were subsequently leaked publicly via Twitter alongside multiple other website breaches attributed to the same attacker. At the time of reporting, the domain registration for the affected platform had expired, rendering it inaccessible. The incident highlighted broader credential exposure risks across various online platforms, with several compromised entities failing to secure user passwords adequately or monitor for unauthorized data disclosures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Athenaeum incident involved a data breach affecting 1,671 users of the website the-athenaeum.com, disclosed via Twitter by an actor using the handle "@smitt3nz" (alias "Rubber") by early December 2015. The attacker compromised and publicly dumped user credentials including usernames, passwords, password salts, and email addresses. A subset of affected users also had auxiliary social media and communication platform details exposed, specifically Twitter handles, Jabber IDs, and Facebook information. The breach was part of a broader campaign targeting multiple websites, with Rubber leaking datasets from at least 14 other domains between November and December 2015. No technical details regarding the intrusion vector or exploitation methods were disclosed in available reports.
The compromised domain registration for the-athenaeum.com had expired as of December 7, 2015, rendering the site inaccessible at the time of public reporting. DataBreaches.net confirmed the dumped records remained publicly available in paste repositories during their verification process. Unlike higher-profile breaches like Ashley Madison, this incident received minimal media coverage despite containing sensitive authentication data. The attacker's dump exposed password salts alongside encrypted credentials, potentially enabling offline decryption attempts. No organizational response or remediation efforts from The Athenaeum's operators were documented, likely due to the domain's inactive status. DataBreaches.net reported attempting email notifications to some breached entities in this campaign but did not specify contacting The Athenaeum's administrators. The incident highlighted systemic challenges in coordinating breach disclosures for smaller websites with limited operational oversight.