Sacert

We've been tracking an uptick in smaller, regional breaches hitting classified ad platforms, often overlooked in favor of larger, more publicized incidents. What really struck us about the **Sacert** breach wasn't the relatively low volume of records — **50,863** in total — but the age of the incident and its continued relevance in combolists circulating today. This suggests that even older breaches, if not properly addressed, can continue to pose a risk to users and organizations.

Sacert's 2018 Breach Fuels Ongoing Password Reuse Risks

In August 2018, the Indian classified ads platform Sacert suffered a data breach that exposed approximately 50,863 user records. The breach, which was added to the Have I Been Pwned database on August 26, 2018, contained nearly 51,000 unique email addresses and MD5 hashed passwords. While the breach itself occurred several years ago, its continued presence in combolists raises concerns about credential stuffing attacks and password reuse.

The breach was discovered after the data was added to the Have I Been Pwned database, a popular resource for tracking data breaches and compromised accounts. What caught our attention was the age of the breach and its continued availability on various online platforms. The use of MD5 hashing, an outdated and easily crackable algorithm, further exacerbates the risk to affected users. This incident highlights the importance of using strong, unique passwords and implementing robust password security measures.

This breach matters to enterprises now because the exposed credentials may be used in credential stuffing attacks against other online services. If users have reused their Sacert passwords on other platforms, their accounts are at risk of being compromised. This incident underscores the broader threat theme of password reuse and the need for organizations to educate their employees about the importance of password security.

Key point: Total records exposed: 50,863

Key point: Types of data included: Email Address, Password Hash

Key point: Sensitive content types: None specified

Key point: Source structure: Unknown, likely a database export

Key point: Leak location(s): Combolists, Have I Been Pwned

Key point: Date of first appearance: 26-Aug-2018 on Have I Been Pwned

While there doesn't appear to be widespread news coverage of the Sacert breach specifically, similar breaches of smaller platforms are regularly reported. For example, BleepingComputer frequently covers data breaches affecting various online services. The persistence of this data in combolists is also a recurring theme discussed on security forums and Reddit communities dedicated to data breaches and password security.

Email · Address · Password · Hash