Sify Technologies Limited

We've been tracking a resurgence of older breaches appearing in combined credential lists, often hitting smaller, regional service providers. These "combolists," as they're known, are a common tool for credential stuffing attacks. What really struck us with a recent find wasn't the size of the breach itself, but the fact that it involved plaintext passwords from a breach dating back to 2018. This significantly amplifies the risk, as users may have reused those credentials across multiple services.

Sify Technologies Breach: 16.9k Records with Plaintext Passwords Resurface

In August 2018, Sify Technologies Limited, an Indian ICT company, suffered a data breach that exposed 16,901 user records. The breach recently resurfaced on underground forums, drawing attention due to the highly sensitive nature of the exposed data: email addresses and, critically, plaintext passwords. This means the passwords were not hashed or encrypted, making them immediately usable by malicious actors.

The breach initially caught our attention due to chatter on a popular breach aggregation Telegram channel, where a link to the data was shared. The fact that the passwords were in plaintext format, a practice considered highly insecure even in 2018, makes this breach particularly dangerous. The data appears to be a database or combilist leak.

This breach matters to enterprises because it highlights the long tail of risk associated with legacy breaches. Even years after an initial incident, exposed credentials can continue to pose a threat, especially if users haven't updated their passwords. This is particularly relevant in today's threat landscape, where automated credential stuffing attacks are rampant. These attacks leverage previously exposed username/password combinations to gain unauthorized access to user accounts across various platforms and services.

Key point: Total records exposed: 16,901

Key point: Types of data included: Email Addresses, Plaintext Passwords

Key point: Source structure: likely a Database or Combolist

Key point: Leak location(s): Telegram channels, underground forums

Key point: Date of first appearance: August 21, 2018 (initial breach), resurfaced recently

External Context & Supporting Evidence

While details on the initial 2018 breach are limited in mainstream media, the re-emergence of this data aligns with a broader trend of older breaches being repackaged and sold on dark web marketplaces. Security researchers have repeatedly warned about the dangers of plaintext passwords, emphasizing the importance of using strong hashing algorithms like bcrypt or Argon2. The Have I Been Pwned database lists the Sify breach, confirming its existence and impact.

Email · Address · Plaintext · Password