Viver Online

We noticed the reappearance of a dataset originating from Viver Online, an Italian e-commerce platform focused on wine sales, which ceased operations sometime after its 2018 data compromise. The dataset, first observed in August 2018, has resurfaced on a prominent cybercrime forum, indicating its continued availability and potential for reuse. What struck us was the relatively small scale of the breach, affecting just over 3,600 unique records, yet the inclusion of password hashes, even if MD5, presents a persistent risk to affected users. The nature of the leak suggests a straightforward database exfiltration rather than a sophisticated supply chain attack, but the implications for credential stuffing remain significant.

The Viver Online breach, discovered on August 26, 2018, involved the unauthorized access and exfiltration of a database containing user credentials. Approximately 3,618 unique records were compromised, with the exposed data types being email addresses and MD5 hashed passwords. The source structure points to a direct database compromise, likely through SQL injection or compromised credentials allowing access to the backend. The data was subsequently disseminated on a popular cybercrime forum, a common practice for monetizing or distributing compromised user information. The primary threat theme here revolves around credential stuffing and identity theft, as attackers can leverage the email-password pairs, even with hashed passwords, to attempt logins on other platforms. The fact that Viver Online is now defunct does not negate the risk; users who reused these credentials on other active services remain vulnerable.

At the time of the breach in August 2018, Viver Online was an active Italian e-commerce platform. There was no significant widespread media coverage of this specific incident, likely due to its relatively limited scope and the platform's eventual closure. However, the reappearance of such datasets on cybercrime forums is a recurring theme in OSINT investigations. Security researchers often track these leaks to identify emerging credential stuffing campaigns or to warn affected organizations and individuals. While direct references to Viver Online in recent news are scarce, the broader context of data breaches from defunct platforms being resold or re-shared is well-documented within the cybersecurity community.