SMS Snabb Lan Svenskasajter

We've observed a consistent pattern of older breaches resurfacing in new combolists and credential stuffing attacks. What initially seemed like a minor leak can gain new significance years later as threat actors refine their techniques and aggregate historical data. This is precisely what we saw when the SMS Snabb Lan Svenskasajter breach from August 2018 resurfaced in our threat feeds. What really struck us wasn't just the age of the data, but the fact that a relatively small dataset from a defunct Swedish financial website could still pose a risk to modern enterprises.

The Dormant Breach: 19,940 Records from a Defunct Swedish Financial Site

In August 2018, the now-defunct Swedish financial website SMS Snabb Lan Svenskasajter suffered a data breach that impacted 19,940 users. The breach, containing email addresses and MD5 password hashes, was initially disclosed on underground sources. The relatively small size of the breach likely contributed to it fading from immediate attention. However, the re-emergence of this data in recent combolists highlights the enduring value of even seemingly minor historical breaches.

The breach was discovered when our systems flagged a new combolist containing credentials matching the SMS Snabb Lan Svenskasajter domain. The data's presence in these lists suggests it is being actively used in credential stuffing attacks. The use of MD5 hashes, an outdated and easily crackable hashing algorithm, significantly increases the risk of password compromise for affected users.

This incident matters to enterprises now because it underscores the long tail of data breaches. Even breaches of small, defunct organizations can contribute to the overall threat landscape. The re-emergence of these credentials in combolists means they are likely being used to target accounts across various online services. This highlights the importance of monitoring for credential reuse, even with older data sources.

Key point: Total records exposed: 19,940

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: Potentially financial data, depending on the user's activity on the site.

Key point: Source structure: Likely a database export.

Key point: Leak location(s): Underground forums, combolists.

Key point: Date of first appearance: 26-Aug-2018

External Context & Supporting Evidence

While the SMS Snabb Lan Svenskasajter breach itself didn't receive widespread media coverage at the time, the broader trend of credential stuffing attacks fueled by leaked credentials is well-documented. Security researchers have consistently warned about the dangers of password reuse and the effectiveness of credential stuffing techniques. For example, Have I Been Pwned (HIBP) includes the breach in its database, further validating the leak's authenticity and scope.

The use of MD5 hashes is a critical point. The ease with which MD5 can be cracked means that any passwords associated with these hashes are considered highly vulnerable. Security advisories routinely recommend against the use of MD5 for password storage, further emphasizing the risk associated with this breach.

Email · Address · Password · Hash