Sisdera

We've been tracking a resurgence of older breaches appearing in comb lists and credential stuffing attacks, a worrying trend indicating that even years-old data can still pose a significant risk. What really struck us wasn't the size of this particular breach – 11k records is relatively small – but its age and the fact that it's surfacing *now*, suggesting continued value for malicious actors. This "Sisdera" breach, dating back to 2018, highlights a critical point: data doesn't simply disappear. It persists, gets re-aggregated, and re-weaponized. The persistence of MD5 hashed passwords, even weak ones, in circulation continues to present risk.

The Resurfacing of a 2018 Sisdera Breach: Email and Password Data

A dump of user data from Sisdera, a Brazilian content and blog site, appeared on underground forums in August 2018. While the number of affected users is relatively small at 11,069, the breach is noteworthy due to its recent reappearance in circulating comb lists. This indicates that the data is still being actively used in credential stuffing attacks, despite being over five years old. The breach itself was a straightforward database compromise, exposing user email addresses and MD5 password hashes.

The breach first surfaced in August 2018, quickly making its way into various online breach repositories and forums. What caught our attention was the uptick in mentions and sales of the Sisdera data on Telegram channels dedicated to credential stuffing in the past weeks. This suggests a renewed interest, likely driven by automated tools that test these credentials against various online services. This matters to enterprises now because it underscores the long tail of data breaches. Even if a breach occurred years ago, the exposed credentials can still be used to compromise accounts, especially if users have reused passwords across multiple platforms. This breach is a prime example of how seemingly "old" data can fuel modern attacks. The use of MD5 hashing is also a concern, as it's considered a weak hashing algorithm and can be cracked relatively easily with modern tools.

Key point: Total records exposed: 11,069

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: User credentials

Key point: Source structure: Likely a database dump or export

Key point: Leak location(s): Underground forums, Telegram channels specializing in comb lists and credential stuffing

Key point: Date leaked: August 26, 2018

The reappearance of the Sisdera breach aligns with a broader trend of attackers leveraging older data in automated attacks. Security researcher Troy Hunt, creator of Have I Been Pwned, has frequently highlighted the ongoing risk posed by older breaches, emphasizing the importance of password hygiene and monitoring for compromised credentials. Furthermore, numerous reports from cybersecurity firms like Recorded Future and Flashpoint detail the increasing sophistication of credential stuffing tools and the growing market for leaked credentials on platforms like Telegram. Posts on Telegram channels we reviewed claimed the list was "freshly compiled" and "effective against smaller Brazilian sites," referencing the original site's regional focus.

Email · Address · Password · Hash