Username: “sa”

The username “sa” was first observed on 2026-01-23 and last seen on 2026-03-03. It has been used in 16,081 attack sessions across 4 different protocols, making it a frequently targeted credential in our honeypot sensor network.

Attackers use this username during automated brute-force and credential stuffing attacks. To protect your systems, ensure this username is either disabled or secured with a strong, unique password. Monitor login attempts with tools like Fail2Ban and check IPs against the SikkerAPI threat database. For automated protection, use our CLI tool or REST API.