Sibr.ru

We've been tracking the resurgence of older breaches appearing in combilists and credential stuffing attacks. Often these are dismissed due to their age, but the reuse of credentials remains a significant risk. Our team recently identified a dataset from Sibr.ru, a now-defunct Russian community news and forums website, initially compromised in August 2018. What really struck us wasn't the relatively small number of records (11,336), but the exposure of plaintext passwords, a security practice that should have been retired long before 2018. This highlights the long tail of risk associated with outdated security practices and the ongoing value of even older data to malicious actors.

Sibr.ru's Legacy: A Reminder of Password Security's Past Sins

The Sibr.ru breach, surfacing again after several years, serves as a stark reminder of the dangers of storing passwords in plaintext. The dataset was initially leaked in August 2018 and has recently resurfaced on underground forums, likely being incorporated into larger combilists used for credential stuffing attacks. We discovered this dataset while monitoring activity on a popular Russian-language hacking forum. The post advertising the data specifically highlighted the presence of plaintext passwords, which immediately raised our concern due to the elevated risk of credential reuse.

The breach matters to enterprises now because these exposed credentials, even if outdated, could still be valid for users who haven't updated their passwords across various online services. The reuse of passwords across multiple platforms is a well-documented phenomenon, and attackers often leverage older breaches to gain access to current accounts. This incident underscores the importance of proactive password management, including regular password updates and the use of unique passwords for each online account, as well as monitoring for leaked credentials associated with your organization.

Key point: Total records exposed: 11,336

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: Likely a database dump (details unavailable)

Key point: Leak location(s): Underground hacking forums

Key point: Date of first appearance: August 21, 2018

External Context & Supporting Evidence

While the Sibr.ru breach itself didn't garner significant media attention at the time, the practice of storing passwords in plaintext has been widely criticized by security experts. Security researcher Troy Hunt, creator of Have I Been Pwned, has frequently highlighted the dangers of this practice, emphasizing that it makes it trivial for attackers to compromise user accounts. The appearance of this data in combilists aligns with broader threat themes related to the aggregation and exploitation of leaked credentials. Many threat actors actively trade and utilize these combilists to automate attacks against various online platforms.

Email · Address · Plaintext · Password