We've seen a steady drumbeat of older breaches resurfacing in recent months, often bundled into larger "combolists" targeting specific demographics or industries. What really struck us about this particular resurfacing wasn't the size of the leak itself, but the age of the data and the continued use of unsophisticated hashing algorithms. The data had been circulating quietly, but we noticed it being actively traded on a lower-tier forum known for aggregating older breaches, suggesting it's still considered valuable by some actors. The breach highlights the long tail of risk associated with older, seemingly forgotten security incidents.
A breach impacting site1727.mutu.sivit.org, a now-defunct French community forum, initially occurred in August 2018. The compromised data, consisting of 28,382 user records, recently resurfaced on underground forums. This re-emergence underscores the enduring value of even relatively small breaches to threat actors, particularly when combined with other datasets to create more comprehensive attack vectors. The breach came to our attention during routine monitoring of combolist activity on a forum frequented by credential stuffing operators.
The breach caught our attention not because of its scale, but due to the simple fact that almost six years later the data is still being actively traded and referenced. The data itself is relatively straightforward, containing email addresses and MD5 password hashes. This weak hashing algorithm makes the passwords relatively easy to crack, potentially giving attackers access to accounts on other platforms where users may have reused the same credentials. This matters to enterprises now because it's a stark reminder that older breaches don't simply disappear; they can resurface years later to fuel new attacks. The incident ties into broader threat themes surrounding credential stuffing, password reuse, and the aggregation of leaked data into large combolists.
Key point: Total records exposed: 28,382
Key point: Types of data included: Email Address, Password Hash (MD5)
Key point: Sensitive content types: None beyond credentials
Key point: Source structure: Unknown, likely a database export
Key point: Leak location(s): Underground forum specializing in older breach aggregation
Key point: Date of first appearance: August 2018 (initial breach), recently resurfaced
While this specific breach didn't garner widespread media attention at the time, security news outlets frequently reported on similar forum breaches from that era. For example, BleepingComputer regularly covered forum data dumps and the risks associated with weak password hashing algorithms. The continued trading of this data aligns with observations made by threat intelligence firms like Recorded Future, which has documented the persistence of older breaches in underground markets. One Telegram post claimed the files were "a good starting point for targeting French-speaking users," indicating the intended use of the data.
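For a service that still stores unsalted MD5 password hashes like those in this dump, one mitigation is to count the legacy records and replace each with a salted, memory-hard hash the next time its owner logs in. The sketch below is an added example, not code from the breached site; the function names, the `scrypt$salt$key` record format, the scrypt parameters and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# A bare 32-hex-character value is how unsalted MD5 hashes are typically stored.
LEGACY_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")

def legacy_md5_hex(password):
    """The weak legacy format; kept only so old records can still be verified."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def scrypt_record(password, salt=None):
    """Salted, memory-hard replacement, stored as scrypt$<salt>$<key> (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), key.hex())

def is_legacy(stored):
    return bool(LEGACY_MD5.match(stored))

def count_legacy(users):
    """How many accounts still carry a bare MD5 hash."""
    return sum(1 for stored in users.values() if is_legacy(stored))

def verify_and_upgrade(users, email, password):
    """Check a login; on success against a legacy hash, rewrite it as scrypt."""
    stored = users.get(email)
    if stored is None:
        return False
    if is_legacy(stored):
        if not hmac.compare_digest(legacy_md5_hex(password), stored.lower()):
            return False
        users[email] = scrypt_record(password)  # the MD5 value is discarded here
        return True
    _, salt_hex, _ = stored.split("$")
    expected = scrypt_record(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(expected, stored)

if __name__ == "__main__":
    # Constructed sample account, not taken from the leaked data.
    users = {"user@example.org": legacy_md5_hex("constructed-sample-password")}
    print("legacy before:", count_legacy(users))
    verify_and_upgrade(users, "user@example.org", "constructed-sample-password")
    print("legacy after:", count_legacy(users))
```

Accounts that never log in again keep their MD5 hash under this scheme, so the count of remaining legacy records is what tells an operator when to force resets for the rest.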