Sarreid Ltd.

We're continuously monitoring breach dumps for credential stuffing risks, but the Sarreid Ltd. breach initially seemed unremarkable. Many older dumps contain similar data: email addresses paired with password hashes. What made this one stand out was the relatively small size combined with the age of the breach. This suggests the data hadn't been widely circulated, representing a potential "fresh" source for attackers targeting accounts that may have remained unchanged since the original 2018 compromise. The fact that it originated from a smaller, lesser-known Bulgarian platform, Percovision, also piqued our interest, highlighting the long tail of breaches that often go unnoticed.

Sarreid Ltd. Leak: 106k Credentials Potentially Fresh for Credential Stuffing

The Sarreid Ltd. breach, stemming from the Percovision platform in August 2018, exposed 106,515 records containing email addresses and PHPass hashed passwords. While the age of the breach might suggest the data is stale, its relatively limited exposure over the past six years means that some users may not have updated their credentials since the incident. This "freshness," compared to more widely circulated breaches, makes it a potentially valuable resource for attackers engaged in credential stuffing attacks.

The breach was discovered recently while monitoring a dark web forum known for hosting dumps from smaller, less publicized breaches. The file's metadata suggested it was originally dumped in August 2018, coinciding with reports of a breach affecting Percovision, a Bulgarian platform. What caught our attention was the specific focus on Sarreid Ltd. data within the larger Percovision breach. This suggests a targeted extraction, rather than a full database dump, potentially indicating a specific interest in Sarreid Ltd. or its user base.

Key point: Total records exposed: 106,515

Key point: Types of data included: Email Address, Password Hash (PHPass)

Key point: Sensitive content types: User credentials

Key point: Source structure: Database extract (likely SQL export)

Key point: Leak location(s): Dark web forum (details withheld for security)

Key point: Date of first appearance: August 26, 2018 (dump date)

The significance of this breach for enterprises lies in its potential to fuel credential stuffing attacks. Even if only a small percentage of users reused their Sarreid Ltd. passwords on other platforms, including corporate accounts, the breach could provide attackers with a foothold into sensitive systems. This incident also underscores the importance of monitoring third-party risks and ensuring that vendors with access to corporate data maintain robust security practices.

This breach aligns with broader threat themes we're observing, particularly the ongoing abuse of older, less publicized data breaches for credential stuffing. Attackers often target smaller breaches like this one, assuming that victims are less likely to have taken preventative measures compared to those affected by larger, more widely reported incidents. The use of PHPass also points to older systems, which may be more vulnerable to other types of attacks.

Email · Address · Password · Hash