TeamSkeet is a SaaS platform aimed at mid‑size software teams. Its core offerings include:
Premium (or “Pro”) accounts receive:
Because premium accounts hold more privileges, they are a higher‑value target for threat actors. TeamSkeet Premium Accounts 2 October 2019
On 2 October 2019 a data set titled “TeamSkeet Premium Accounts” surfaced on underground forums. The dump purported to contain a large number of premium‑level credentials for the TeamSkeet platform—a service that provides collaborative tools for software development teams (issue tracking, continuous integration, and code review). Although the full list has not been publicly reproduced, security analysts were able to extract enough metadata to assess the scope, the possible origin of the breach, and the impact on both users and the provider.
Key findings:
| Finding | Description | |---------|-------------| | Scope of compromised accounts | ~4,200 unique email addresses, many linked to corporate domains. | | Credential type | Plain‑text usernames/e‑mail addresses paired with either clear‑text passwords or salted password hashes (bcrypt). | | Premium features exposed | Access to private repositories, CI pipelines, billing information, and API tokens. | | Leak vector | Likely a mis‑configured internal admin portal that exposed a MySQL dump. | | Timeline | Dump posted 2 Oct 2019; earliest evidence of credential reuse dates back to mid‑2018. | | Potential impact | Unauthorized code access, supply‑chain attacks, financial fraud (billing takeover), and reputational damage for both the service and affected organizations. |
Given the lack of any ransom note or sale offer, the leak appears to be an accidental exposure rather than a deliberate exfiltration. However, the rapid redistribution of the dump indicates opportunistic exploitation. TeamSkeet is a SaaS platform aimed at mid‑size
Security researchers who obtained the file reported that the password column used bcrypt ($2a$12$…) in the majority of rows, but a subset (≈15 %) stored MD5 hashes or even plaintext passwords—a clear sign of legacy accounts.