Over 23,000 hacked databases shared over Telegram and Discord

Around 13 billion user files are believed to be circulating on hacker forums

Over 50GB of data from 23,000 hacked databases have been shared by hackers across Telegram channels and two hacking forums, it has emerged.

A total of 23,618 databases were able to be downloaded through the Mega file hosting service, amounting to a dataset of around 13 billion personal files. The link was later taken down following abuse reports but there are fears that the data has entered the public domain, according to reports from ZDNet.

The databases are said to have come from Cit0Day.in, an underground service launched in January 2018 that provides hacked password data to criminals for a monthly fee. So far, the collection of data has been shared on Russian-speaking hacker forums, the voice chat app Discord, and Telegram channels managed by nefarious data traders.

On 14 September, this service showed users what appeared to be an FBI and US Department of Justice seizure notice. According to threat intelligence service KELA, the seizure noticed appear to be fake and copied from another website. It is not known if the site's creator, known as Xrenovi4, has been arrested.

The databases themselves are from both big-name internet portals as well as smaller, lesser-known websites. Evidence suggests the data is already being exploited by cyber criminals to carry out credential stuffing and password spraying attacks against users who have reused passwords across a number of websites.

Boris Cipot, senior security engineer at Synopsys, told IT Pro that when stolen data is made public or sold to the highest bidder, the race to exploit these affected users begins.

“The problem is that this leak contains data from more than 23,000 databases," said Cipot. "Some of the data is old, some new. For now, it is hard for anyone to be sure that their name, username, passwords, or other data, has not been exposed. Therefore, I would recommend that everyone change their passwords on services they use – just in case."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021