Cyber Incident Victim: SitePoint
Date: Dec 2020
Location: United States of America
Summary
A data breach broker marketed stolen user records from SitePoint among 26 companies, with the victim's database containing approximately one million records. The incident was previously disclosed, and the stolen information had been utilized in subsequent attacks. SitePoint's breach was part of a larger operation involving 368.8 million combined records from various organizations, with eight being newly exposed at the time. While some companies confirmed breaches or denied involvement, the legitimacy of such sales historically correlates with actual compromises. Users were advised to change passwords, though specific breach details for SitePoint beyond the record count and malicious use were not elaborated in the report.
Description
The incident involving SitePoint emerged in late December 2020 when a data breach broker advertised stolen user records from twenty-six companies on a hacker forum. SitePoint was listed among eight newly disclosed breaches in this batch, with the broker offering approximately 1 million user records from the company. This activity occurred within a larger sale totaling 368.8 million records across multiple organizations. Historical evidence indicated SitePoint's breach had been previously disclosed through an earlier BleepingComputer report, distinguishing it from twelve other newly exposed companies in the broker's inventory. The forum post did not specify pricing for SitePoint's data, unlike premium listings such as Teespring ($3,800-$4,000) or MyON ($2,800), suggesting lower market demand or prior circulation of the compromised information.

Public records confirmed SitePoint had acknowledged the breach before the broker's December 2020 advertisement, though the exact compromise timeline remained unspecified. The stolen dataset's composition wasn't detailed in available materials, but parallel incidents involving other companies in the same batch included credentials (usernames and hashed passwords) and personal identifiers. No verifiable reports confirmed malicious use of SitePoint's data at disclosure time, though threat actors commonly weaponize such information for credential stuffing and phishing campaigns. The company's breach response measures weren't described in the source material, contrasting with MyON's public statement about implementing "supplemental protections" post-breach. SitePoint's inclusion among eighteen previously known breaches in the broker's catalog indicated recurrent circulation of its stolen data across underground markets prior to this incident.
