Posted on November 5, 2020 at 6:28 PM
A recent report reveals that over 23,000 hacked databases, collected by a now-defunct data breach index site, have been made available for download on many dark web forums.
Cybersecurity experts and threat intelligence units have called the leak the biggest security leak of all time.
According to the report, the leaked collection came from a private service, Cit0Day.in, which was advertised to other cybercriminals on darknet forums.
Cit0day operated by gathering hacked databases and offering the cleartext passwords, addresses, emails, and usernames they contained. This made it easier for other cybercriminals to make use of the leaked data.
With the information provided by Cit0day, cybercriminals had access to targeted users’ passwords, which they could then try against those users’ accounts on other high-profile sites.
The Cit0day site is not entirely new; it is a rehash of similar “data breach index” sites such as WeLeakInfo and LeakedSource, which authorities took down in 2020 and 2018 respectively.
Cit0day began gathering data in 2018 after the LeakedSource site was taken down. Before its launch, the owners heavily advertised the site on the darknet and hacking forums. It was also advertised on major forums on the internet such as BitcoinTalk.
But in September, after a DOJ and FBI seizure notice appeared, the owners took the site down on September 14.
Cit0day has been operating underground
On major hacking forums, there were rumors that the FBI had arrested the owner of the site, known as Xenovi4, as had happened with the owners of the defunct data breach index sites WeLeakInfo and LeakedSource.
However, with the recent release of the leaked data from the same site, it is clear that the takedown notice shown on the site did not actually come from the FBI.
Raveed Laeb, product manager at KELA, revealed that the seizure notification on the Cit0day site was taken from the Dee.io takedown notification, edited, and pasted onto the Cit0day site to make it look genuine.
An FBI spokesperson contacted by the press declined to comment on the situation, saying any disclosure would go against the agency’s internal policies.
Additionally, neither the DOJ nor the FBI made any announcement regarding a Cit0day arrest, which is unlike them: both agencies usually arrest the creators of criminal sites after shutting down those sites.
The hacked database now exposed online
While the public believed that Cit0day had been shut down and that its activities had ended, the site only went underground and continued to operate, as the latest database leak showed.
It is not clear whether the collection was leaked by Cit0day itself or by a rival data leak service; either way, the entire collection of the site’s hacked databases was offered for free last month on darknet forums, including a very popular forum for Russian-speaking hackers.
Based on the report, 23,618 hacked databases were provided for free download through the MEGA file-hosting portal. However, the download link was taken down only a few hours after an abuse report was lodged against it.
The entire collection, regarded as the largest file ever leaked in the internet’s history, contains 13 billion user records and is estimated to be around 50GB.
Although the collection was only available for a short time, that was enough for hackers to download files that can be used for future attacks. The few hours the data stayed exposed ensured that it has entered the public domain, giving cybercriminals a rich database from which to launch attacks on other sites.
Many of the compromised sites use poor security measures
After it was briefly exposed in October, the file was distributed online among hackers. Since then, the leaked collection has been shared again on an even more popular hacker forum.
Much of the leaked data in the collection comes from sites that were compromised many years ago, so it may not be very useful to hackers, as most of the affected users will have changed their login details since. What will be more interesting to hackers is the newer content from recently breached sites.
Also, some of the leaked data comes from big-name sites, while the rest is from smaller sites that are not widely known.
Many of the sites did not use strong security measures, which leaves them vulnerable to future attacks once hackers get hold of the right details.
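Two points in this story matter for defenders: index sites like Cit0day hand out cleartext passwords that are then tried against the same users' accounts elsewhere, and sites with weak controls are the ones hit once the right details surface. The usual mitigation is to screen new and existing credentials against known-leaked material without keeping the cleartext around. The Python below is an added example, not code from the article or from any service it names; the combo-list lines are constructed, and the 5-character SHA-1 prefix bucketing (borrowed from the k-anonymity range-query convention used by breach lookup services), the function names and the return shape are all assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample in the "email:password" combo-list form the article
# describes; these are made-up records, not rows from the Cit0day dump.
SAMPLE_DUMP = """\
alice@example.com:Summer2019!
bob@example.com:hunter2
carol@example.com:P@ssw0rd
dave@example.com:hunter2
malformed line without separator
"""

PREFIX_LEN = 5  # assumption: 5 hex chars, the usual k-anonymity range size


def parse_combo_list(text):
    """Yield (email, password) pairs from 'email:password' lines, skipping junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, _, password = line.partition(":")
        if email and password:
            yield email.strip().lower(), password


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, the form breach indexes are keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_hash_index(pairs, prefix_len=PREFIX_LEN):
    """Bucket SHA-1 password hashes by prefix; the cleartext is discarded here.

    Returns ({prefix: {suffix, ...}}, {full_hash: account_count}) so a
    defender can also see which passwords recur across many accounts."""
    index = defaultdict(set)
    counts = defaultdict(int)
    for _, password in pairs:
        digest = sha1_hex(password)
        index[digest[:prefix_len]].add(digest[prefix_len:])
        counts[digest] += 1
    return index, dict(counts)


def is_breached_password(index, candidate, prefix_len=PREFIX_LEN):
    """True if the candidate's hash is in the index. In a remote lookup only
    the prefix would leave the client; the full hash and cleartext never do."""
    digest = sha1_hex(candidate)
    return digest[prefix_len:] in index.get(digest[:prefix_len], set())


def screen_credentials(index, counts, email, password, leaked_emails):
    """Decision helper for registration or login: flag a breached password and
    an account whose email appeared in the leak (a forced-reset candidate)."""
    digest = sha1_hex(password)
    return {
        "password_breached": is_breached_password(index, password),
        "seen_in_accounts": counts.get(digest, 0),
        "email_in_leak": email.strip().lower() in leaked_emails,
    }


if __name__ == "__main__":
    pairs = list(parse_combo_list(SAMPLE_DUMP))
    index, counts = build_hash_index(pairs)
    emails = {e for e, _ in pairs}
    print(screen_credentials(index, counts, "bob@example.com", "hunter2", emails))
    print(screen_credentials(index, counts, "eve@example.com",
                             "correct horse battery staple", emails))
```

In practice the index would be built once from whatever leaked corpus the defender has obtained and the screening call placed in the registration, password-change and login paths; a hit on `password_breached` is a reason to reject the password, and a hit on `email_in_leak` a reason to require a reset and step-up authentication for that account.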