Cyber Incident Victim: aquamarineboat.com
Date:
Jan 2015
Location:
United States of America
Summary
A threat actor known as Zyklon compromised aquamarineboat.com, an inflatable boat retailer, exfiltrating and leaking customer data including names, postal and email addresses, and plaintext passwords. The breach exposed approximately 2,060 user records, which were publicly dumped alongside credentials from other compromised entities, prompting external notifications to advise mitigation efforts. The incident formed part of a broader campaign targeting multiple websites, with attackers advertising their exploits via Pastebin and temporary hosting platforms while some data dubs subsequently became inaccessible.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In January 2015, the hacker group Zyklon, operating under the alias WonkaSec, breached multiple websites including aquamarineboat.com, an inflatable boat retailer. The group publicly claimed responsibility through Pastebin posts dated January 15, 2015, alongside attacks on soviethistory.macalester.edu (a Russian history resource hosted by Macalester College) and BigBlueInteractive's forum. For aquamarineboat.com, Zyklon exfiltrated and dumped 2,060 customer records containing first and last names, postal addresses, email addresses, and plaintext passwords. The data was published alongside compromised credentials from other targets, with Zyklon promoting their actions via a temporary WonkaSec homepage and Twitter account (@zyclonb4u). The Macalester breach exposed over 90,000 accounts, with 3,634 entries initially leaked on Pastebin containing similar personal details and credentials. Both breaches highlighted the storage of passwords in plaintext—a critical security failure. While the full Macalester database dump link generated an error when accessed by DataBreaches.net, the partial data remained publicly exposed.
The incident was detected when DataBreaches.net discovered the Pastebin disclosures on February 3, 2015, and notified aquamarineboat.com to remove the leaked data and alert affected customers. Macalester College disabled the compromised subdomain, displaying a notice acknowledging the breach and warning users to change reused passwords. The college stated the site would remain offline until a more secure version could be implemented. Zyklon's Pastebin post about BigBlueInteractive was removed prior to analysis, obscuring its full impact. Aquamarineboat.com’s specific remediation steps beyond DataBreaches.net’s notification were not documented in available sources, though the disclosure emphasized risks to customers who reused passwords across multiple services. The attacks collectively exposed over 95,000 records across all targets, with educational users at Macalester and retail customers of aquamarineboat.com facing potential credential-stuffing attacks and identity theft due to the plaintext password exposures.