Brandtags

We're seeing a concerning uptick in older breaches resurfacing, often repackaged and sold as "new" to less experienced threat actors. We flagged this particular incident after observing a cluster of activity on a dark web forum known for trading in credential stuffing lists. What really struck us wasn't the size of the Brandtags breach itself, but the way it was being positioned alongside much larger, more recent leaks – a tactic designed to inflate its perceived value and entice buyers. The age of the data (2018) makes it less immediately impactful, but its inclusion in these bundles highlights the long tail of risk associated with even relatively small breaches.

The Brandtags Breach: 8.2k Email Addresses and Hashed Passwords Resurface

The Brandtags breach, impacting a now-defunct crowdsourced branding experiment, is making the rounds again. The initial breach occurred in August 2018, exposing approximately 8,204 user records. While the incident itself is not new, its re-emergence on a popular hacking forum suggests ongoing attempts to monetize the stolen data through credential stuffing attacks. Our team noticed this breach being advertised on [redacted] forum, a known marketplace for buying and selling compromised data. The relatively small size of the leak is offset by its age and the potential for password reuse across different platforms. This illustrates a persistent threat to enterprises as threat actors continuously seek to profit from old breaches. The breach fits into a broader pattern of threat actors scraping and bundling older breaches to create "combolists" for credential stuffing attacks.

Breach Stats:

* Total records exposed: **8,204**
* Types of data included: **Email addresses**, **SHA1 hashed passwords**
* Sensitive content types: None explicitly beyond credentials
* Source structure: Likely a database export (details unavailable)
* Leak location(s): Popular hacking forum

External Context & Supporting Evidence

While the Brandtags breach itself didn't generate significant media coverage at the time, the practice of threat actors repackaging older breaches is a well-documented phenomenon. Security researcher Troy Hunt, creator of Have I Been Pwned, has frequently discussed the challenges associated with managing and mitigating the risks posed by historical data breaches. The SHA1 hashing algorithm used to secure the passwords is also considered weak by modern standards. As BleepingComputer reported in 2019, SHA1 has been effectively deprecated and is susceptible to collision attacks, making password recovery easier for attackers. This underscores the importance of regularly updating security protocols and migrating away from outdated hashing algorithms.

Email · Address · Password · Hash