23,600 Databases Containing 13 Billion User Records
Cit0day, a database indexing site like the WeLeakInfo and LeakedSource, has been making rounds in several hacker forums since last month. It groups up all the hacked databases from various breaches and hosts them to serve in a subscription-based model for cybercriminals. The offering databases contain usernames, email addresses, and even plaintext passwords. As reported by ZDNet, somehow, the databases of Cit0day were leaked in a Russian hacker forum last month. It’s reported to host a link to over 23,618 databases containing 13 billion user records in a MEGA portal. This was soon taken down (live for a few hours) and had given the users enough time to download and share later. The data dump was reported to be 50GB and shared several times in other hacker forums later. It has also made its way to the surface internet, with data brokers sharing it in Telegram and Discord channels. It got interesting when users started seeing a seizure notice on the FBI and CISA, hinting everyone that the site’s operator, Xrenovi4, could’ve been caught. But this was unlikely since an FBI spokesperson had declined to comment. There are no official reports of anyone relating to the arrest, causing it to shut down eventually. Yet, the leaked database was not being shared online explicitly. The data’s authenticity was even verified by forum members, thus gaining more popularity. While some of them are relating to big portals, most of them are from small ones. Yet, they’re relatively important, as they come free to use. Cit0day has marked some of them as dehashed, meaning the passwords are cracked and provided in plain text, making it easier for the hackers to exploit. It’s reported that many who obtained the dataset are now planning credential stuffing, spam campaigns, etc. attacks.
Ukrainian Police Arrested a Hacker Who Tried to Sell 773 Million Records Hacker Wipes and Leaves Ransom Note on 22,900 MongoDB Databases Hacker Takes Revenge By Stealing 8,000+ Databases Unknown “Meow” Attack Wiped Out 4,000+ Exposed Databases