ShareSansar

We've been tracking a resurgence in older database breaches surfacing in combolists and credential stuffing attacks. What really struck us about this particular incident wasn't the volume of records, but the specific target: ShareSansar, a stock market intelligence hub focused on Nepal's financial markets. The data, dated to August 2018, had been circulating quietly, but we noticed a spike in mentions across several dark web forums known for trading in financial credentials. The limited scope of the platform suggests a targeted attack, potentially aimed at gaining insights into investor behavior or manipulating market data.

ShareSansar Breach: 13,259 Records Exposed in Financial Intelligence Hub

A breach impacting ShareSansar, a prominent stock market intelligence platform in Nepal, has resulted in the exposure of 13,259 user records. The breach, which occurred in August 2018, was recently brought to our attention due to increased chatter on underground forums. The compromised data includes email addresses and MD5 password hashes. While the use of MD5 is an outdated security practice, the potential impact on individuals within the Nepalese financial market is significant.

The breach came to light after the database was leaked on underground sources and subsequently indexed by various breach notification services. It caught our attention due to the specific nature of ShareSansar as a financial intelligence provider. The combination of email addresses and password hashes could be leveraged for targeted phishing campaigns or credential stuffing attacks against other financial platforms or services used by ShareSansar users. The relatively small number of accounts suggests this may have been a targeted attack, rather than a broad, opportunistic sweep.

This breach matters to enterprises now because it highlights the long-term risks associated with legacy systems and the potential for old data to resurface and be weaponized. Even seemingly small regional platforms can be valuable targets for attackers seeking financial gain or market manipulation opportunities. The use of weak hashing algorithms like MD5, even several years ago, continues to pose a risk today.

Key point: Total records exposed: 13,259

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: Potentially sensitive financial information indirectly accessible through compromised accounts.

Key point: Source structure: Database (exact format unknown)

Key point: Leak location(s): Underground forums, combolists

Key point: Date of first appearance: August 2018 (resurfaced recently)

External Context & Supporting Evidence

While specific news coverage of the ShareSansar breach from 2018 is limited, the incident aligns with broader trends in data breaches affecting financial institutions and related services. The use of MD5 for password hashing is a known vulnerability that has been exploited in numerous past breaches. Security researchers have consistently warned against the use of MD5 due to its susceptibility to collision attacks and rainbow table lookups. The recent increase in activity surrounding this breach on dark web forums suggests a renewed interest in leveraging the compromised data for malicious purposes. One forum user claimed the data was "useful for targeting Nepali investors," further highlighting the potential for financial harm.

Email · Address · Password · Hash