Small Company Sharewatch (SCSW)

We noticed a significant data leak surfacing on a prominent hacking forum in late August 2018, specifically targeting Small Company Sharewatch (SCSW). What struck us was the enduring nature of this particular threat actor's activity, as SCSW has been a known entity in the investment newsletter space for a considerable period. The discovery was made through routine monitoring of dark web marketplaces and forums, where the data was being offered for sale. The exposed information, while seemingly straightforward, carries implications for credential stuffing attacks and further targeted phishing campaigns against a financially-aware user base.

The breach, attributed to a database compromise, exposed the credentials of 5,423 individuals associated with Small Company Sharewatch. The leaked data primarily consists of email addresses and their corresponding SHA-1 password hashes. This type of exposure is particularly concerning as SHA-1, while a hashing algorithm, is considered cryptographically weak and susceptible to brute-force attacks, especially when combined with common password patterns. The source structure indicates a direct database exfiltration, suggesting a potential vulnerability in SCSW's internal data management systems. The leak locations were identified across several underground forums and marketplaces, indicating a broad distribution of the compromised data.

At the time of the leak, there was limited widespread news coverage directly pertaining to this specific SCSW breach. However, the general landscape of data breaches involving compromised credentials and weak hashing algorithms was a persistent theme in cybersecurity discussions. Research from organizations like Troy Hunt's "Have I Been Pwned" consistently highlighted the prevalence of such leaks and the subsequent risks of credential stuffing. The nature of SCSW's business, focusing on investment advice, also places its user base in a demographic that is often a target for sophisticated financial scams, making this breach a potential vector for more targeted attacks.

Email · Address · Password · Hash