Orvis, a retailer specializing in high-end fly fishing, hunting and sporting goods, leaked hundreds of internal passwords on Pastebin for several weeks in October. Credentials the company used to manage including everything from firewalls to administrator accounts were exposed, although Orvis claims that many of the credentials were already expired.

This enormous passwords file was posted to Pastebin—a website where you can store text online for a set period of time—on two separate occasions, the first being on Oct. 4, and the second Oct. 22, a finding that was corroborated by 4iQ. It is believed that this exposure may have originated from a third party, highlighting a trend of exposures created not by the victims, but by “trusted partners.”