Rumah SBN

We're seeing a disturbing trend of older breaches resurfacing, often amplified by their inclusion in aggregated data dumps and stealer logs. What really struck us about the Rumah SBN leak wasn't its initial age (2018), but its sheer volume – nearly 150 million records – and the potential for password reuse across Indonesian users. The data had been circulating quietly, but we noticed an uptick in mentions on Indonesian-language Telegram channels, alongside discussions of using the compromised credentials for account takeover attempts on local e-commerce platforms. The setup here felt different because while the leak itself is old, the current exploitation is actively ongoing.

Rumah SBN Breach: 149 Million Indonesian Records Resurface

The Rumah SBN breach, initially reported to have occurred in December 2018, exposed a massive database of Indonesian user information. While the breach itself isn't new, its recent resurgence and active exploitation caught our attention. The sheer scale of the breach, coupled with the fact that many users likely haven't changed their passwords in the intervening years, makes this a significant risk for account compromise.

The breach was discovered after being listed for sale on a dark web marketplace in 2019 and subsequently began circulating more broadly. The re-emergence of this data, and observed chatter on Telegram channels suggesting active exploitation, prompted this analysis. It matters to enterprises now because the compromised credentials could be used to target Indonesian users on other platforms, potentially leading to phishing attacks, account takeovers, and financial fraud.

This breach highlights the long tail of data breaches and the persistent risk of password reuse. Even breaches from several years ago can still pose a significant threat if the exposed credentials remain valid. The fact that the data is actively being traded and exploited further exacerbates the risk.

Key point: Total records exposed: 149,511,961

Key point: Types of data included: Email Address, Username, Phone Number, First Name, Last Name, Password Hash (SHA256)

Key point: Sensitive content types: PII

Key point: Source structure: Database

Key point: Leak location(s): Telegram channels, Dark web marketplaces

Key point: Date of first appearance: December 1, 2018

External Context & Supporting Evidence

Similar to the Dubsmash breach, which also occurred in 2018 and involved a large number of user credentials, the Rumah SBN leak demonstrates the long-term impact of poorly secured databases. Many users may have used the same credentials across multiple platforms, making them vulnerable to credential stuffing attacks.

While direct news coverage of the Rumah SBN breach is limited in English-language media, Indonesian cybersecurity forums and blogs have discussed the incident extensively. One Telegram post claimed the files were being used "to brute force accounts on Tokopedia and Bukalapak," two major Indonesian e-commerce platforms. This highlights the potential for the compromised credentials to be used for malicious purposes.

Email · Address · Username · Phone · Number · First · Name · Last · Password · Hash