Over 23,000 hacked databases shared over Telegram and Discord
Around 13 billion user files are believed to be circulating on hacker forums
Over 50GB of data from 23,000 hacked databases have been shared by hackers across Telegram channels and two hacking forums, it has emerged.
A total of 23,618 databases were able to be downloaded through the Mega file hosting service, amounting to a dataset of around 13 billion personal files. The link was later taken down following abuse reports but there are fears that the data has entered the public domain, according to reports from ZDNet.
The databases are said to have come from Cit0Day.in, an underground service launched in January 2018 that provides hacked password data to criminals for a monthly fee. So far, the collection of data has been shared on Russian-speaking hacker forums, the voice chat app Discord, and Telegram channels managed by nefarious data traders.
On 14 September, this service showed users what appeared to be an FBI and US Department of Justice seizure notice. According to threat intelligence service KELA, the seizure noticed appear to be fake and copied from another website. It is not known if the site's creator, known as Xrenovi4, has been arrested.
The databases themselves are from both big-name internet portals as well as smaller, lesser-known websites. Evidence suggests the data is already being exploited by cyber criminals to carry out credential stuffing and password spraying attacks against users who have reused passwords across a number of websites.
Boris Cipot, senior security engineer at Synopsys, told IT Pro that when stolen data is made public or sold to the highest bidder, the race to exploit these affected users begins.
“The problem is that this leak contains data from more than 23,000 databases," said Cipot. "Some of the data is old, some new. For now, it is hard for anyone to be sure that their name, username, passwords, or other data, has not been exposed. Therefore, I would recommend that everyone change their passwords on services they use – just in case."
Four strategies for building a hybrid workplace that works
All indications are that the future of work is hybrid, if it's not here alreadyFree webinar
The digital marketer’s guide to contextual insights and trends
How to use contextual intelligence to uncover new insights and inform strategiesFree Download
Ransomware and Microsoft 365 for business
What you need to know about reducing ransomware riskFree Download
Building a modern strategy for analytics and machine learning success
Turning into business valueFree Download