We've been tracking a resurgence of older breach datasets appearing in combolist attacks, and a recent discovery highlighted the ongoing risk posed by even seemingly outdated leaks. What struck us about this particular dataset wasn't the volume of records, but the fact that passwords were stored in plaintext. This instantly elevates the risk for exposed users, particularly given password reuse across multiple platforms. The data had been circulating quietly, but we noticed an uptick in mentions on several underground forums known for trading in credential stuffing lists.
In August 2018, Slim SpA, an Italian shopping website specializing in furnishing and home accessories, suffered a data breach. The compromised data, consisting of 13,927 user records, recently resurfaced on several underground forums and Telegram channels. The breach was initially reported on underground sources at the time, but the recent re-emergence underscores the enduring threat posed by older, unmitigated breaches. What makes this breach particularly concerning is the fact that passwords were stored in plaintext, a practice considered highly insecure even in 2018. This significantly increases the risk of successful credential stuffing attacks against users who may have reused those passwords on other platforms.
The re-emergence of this data caught our attention due to the increased chatter surrounding it on forums dedicated to combolist construction and credential stuffing. The combination of plaintext passwords and the availability of the data on these platforms creates a perfect storm for automated attacks. This breach matters to enterprises now because it highlights the long-term consequences of poor security practices and the enduring value of even relatively small datasets to attackers. It also underscores the need for continuous monitoring for leaked credentials, even those originating from older breaches.
Key point: Total records exposed: 13,927
Key point: Types of data included: Email addresses, plaintext passwords
Key point: Source structure: Likely a database dump or export.
Key point: Leak location(s): Underground forums, Telegram channels
Key point: Date of first appearance: August 26, 2018 (initial breach), recently resurfaced.
While this breach hasn't received widespread media attention, the presence of plaintext passwords amplifies the risk considerably. Security researcher Troy Hunt maintains a database of breached accounts at Have I Been Pwned?, and this breach is included in its listings. Users can check whether their email address was compromised in the Slim SpA breach, or any other known data breach, by visiting the Have I Been Pwned? website. Discussions on various hacking forums suggest that these credentials are being actively used in password spraying attacks against various online services. One Telegram post claimed the list was "fresh and converting well," indicating active use in credential stuffing campaigns.
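The monitoring for leaked credentials described above can be run against an organisation's own user store. The following is an added example, not code from the original page: it parses a constructed email:password combolist and flags accounts whose current password still verifies against a leaked one. The function names, the PBKDF2 parameters and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the user store uses salted PBKDF2-SHA256; the iteration
    # count is kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def parse_combolist(text):
    """Yield (email, password) from 'email:password' lines, skipping junk."""
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        email, password = line.split(":", 1)  # the password may contain ':'
        email = email.strip().lower()
        if "@" in email and password:
            yield email, password

def find_reused(combolist_text, user_store):
    """Return emails whose stored hash verifies against a leaked password."""
    hits = set()
    for email, password in parse_combolist(combolist_text):
        record = user_store.get(email)
        if record is None:
            continue  # not one of our accounts
        salt, stored = record
        if hmac.compare_digest(hash_password(password, salt), stored):
            hits.add(email)
    return sorted(hits)

def _make_user(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Constructed sample data: no value here comes from a real leak.
SAMPLE_LEAK = """\
alice@example.com:Summer2018!
BOB@example.com:pa:ss:word
carol@example.com:oldpassword
not-a-credential-line
dave@example.org:hunter2
"""
USER_STORE = {
    "alice@example.com": _make_user("Summer2018!"),        # still reused
    "bob@example.com": _make_user("pa:ss:word"),           # still reused
    "carol@example.com": _make_user("a-new-passphrase"),   # already changed
}

if __name__ == "__main__":
    for email in find_reused(SAMPLE_LEAK, USER_STORE):
        print("force password reset:", email)
```

Accounts returned by `find_reused` are the ones to force through a password reset, since the leaked password is still valid for them.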