SonicStream

We've been tracking the resurgence of older breaches appearing in modern combolists, and a recent find underscored the continued risk posed by seemingly "old" data. What really struck us wasn't the volume of records, but the fact that the passwords were stored in plaintext, a security practice that should have been obsolete even in 2017. This discovery serves as a stark reminder that legacy security flaws can have long-lasting consequences, especially when exposed credentials are reused across multiple platforms.

SonicStream's 2017 Breach Resurfaces: 47K Plaintext Passwords Exposed

A database dump from SonicStream, a defunct Spanish live streaming platform, has resurfaced on a popular hacking forum. The breach, which occurred in October 2017, exposed the email addresses and plaintext passwords of 47,332 users. The data appeared on a prominent hacking forum in April 2019, but its recent re-emergence in combolists suggests it's actively being used in credential stuffing attacks.

The breach initially caught our attention due to the alarming use of plaintext passwords. In an era where hashing and salting are considered basic security measures, the lack of even rudimentary protection significantly amplifies the risk to affected users. This is especially concerning given the prevalence of password reuse across different online services. The data structure itself was a straightforward database export, making it easy for attackers to parse and utilize.

This incident underscores the importance of proactive password hygiene, even for services that are no longer active. Users who may have used the same password for SonicStream on other platforms are now at heightened risk. Furthermore, the incident highlights the potential for old breaches to be weaponized years after they occur, particularly as they are integrated into larger combolists used for automated attacks.

Key point: Total records exposed: 47,332

Key point: Types of data included: Email addresses, plaintext passwords

Key point: Sensitive content types: Credentials

Key point: Source structure: Database export

Key point: Leak location(s): Prominent hacking forum (April 2019)

Key point: Date leaked: October 18, 2017

While there is no readily available mainstream news coverage of the SonicStream breach, similar incidents involving plaintext passwords have been widely reported. For example, in 2016, security researcher Troy Hunt highlighted a massive breach at VBulletin, a popular forum software, where over 700,000 passwords were stored in plaintext (Wired: https://www.wired.com/2016/07/massive-vbulletin-hack-shows-passwords-still-plain-text/). This incident, like the SonicStream breach, demonstrates a severe lapse in security practices and underscores the long-term risks associated with inadequate data protection.

Email · Address · Plaintext · Password