More than 50GB of data from 23,000 hacked databases was shared by cybercriminals on Telegram channels and two hacking forums. The data included around 13 billion archived files from the Cit0day site, which ceased operating in September.
According to ZDNet, a total of 23,618 hacked databases were made available for download through the MEGA file-hosting portal. The link was taken down after a few hours because it was reported for abuse, but the data could already have entered the public domain.
On Sunday, November 1, about 30% of the Cit0day database was published again on a more popular hacking forum.
Security experts regard the incident as the biggest leak so far, as the entire Cit0day collection of hacked databases has been shared on a well-known forum for Russian-speaking hackers since October, as well as through Discord and Telegram channels managed by underground data traders.
Cit0day includes new and old hacked files
Not all of the leaked Cit0day databases come from big internet portals, although the collection does include hacked files from famous websites. It also includes sites that were hacked years ago, while most databases are from small, unknown sites with user bases only in the thousands. However, even though the files are from old hacked databases, their leak still poses high security risks to most internet users.
Cit0day and other similar sites extend the shelf life of past mistakes with online account passwords. This mega leak is thus the resurgence of thousands of past hacks, which many users have already forgotten but which have since been kept in these portals.
The leaked data is already being used by other cybercriminal gangs to launch spamming, password spraying, and credential stuffing attacks against users who might have used the same passwords in their other online accounts.
This means users should start replacing the passwords on their online accounts with unique ones for each account. It is also highly recommended to use a password manager for all online accounts.
What is Cit0day?
Cit0day used to collect hacked databases of emails, addresses, usernames, and even cleartext passwords, which hackers could access for a daily or monthly fee. It operated like other "data breach index" services such as LeakedSource and WeLeakInfo, which were taken down in 2018 and 2020 respectively. Cybercriminals would use the information from the site to breach the accounts of targeted users at more high-profile sites.
The Cit0day website was launched in January 2018 after LeakedSource closed. On September 14, Cit0day went down after its main domain received a takedown notice from the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ).
However, rumors spread that the FBI seizure order was fake or copied from another hacking platform. ZDNet reported that an FBI spokesperson declined to confirm any investigation or the notice, citing internal policies.
Also, no arrest related to Cit0day has been announced yet, which contradicts rumors that Cit0day's creator, Xrenovi4, was arrested. The lack of any announcement goes against the usual practice of government agencies, as the FBI and DOJ usually file cases against the creators of criminal websites after taking them down. Such a huge story could have been all over the news by now.
This is owned by Tech Times
Written by CJ Robles