Cybercriminals are taking the most of the data they stole, a clear example of this is what is happening with the Phorpiex botnet. They are using the exposed credentials from previous breaches to perform more sophisticated attacks. In this specific example, they have been using the exposed email and plain-text passwords for sextortion purposes.
For that reason, it is very important to measure the risk of the exposed information properly and not only based on the freshness of it. Even if it is old in the right/wrong hands can be useful or a threat.
The computers controlled by the Phorpiex botnet download a database of email addresses and corresponding credentials (likely acquired from Dark Web sites) from a command-and-control (C2) server. In the most recent campaign, researchers observed a downloaded database which contains up to 20,000 email addresses; but in various other campaigns, researchers said they observed between 325 and 1,363 email databases on the C2 server — racking up potentially millions of victims.
https://threatpost.com/phorpiex-botnet-shifts-ransomware-sextortion/149295/
