Data From 23,000 Hacked Databases Has Been Shared via Discord and Telegram

A huge amount of data from previously hacked databases has been briefly made freely accessible online. Following the incident, the databases have been further distributed through hacker forums on the dark web as well as messaging platforms like Telegram and Discord.

Originally, over 23,000 compromised databases were put up for download in a MEGA cloud storage depository. Naturally, the MEGA link was quickly taken down following reports of illegal content, but the data was online long enough for bad actors to download and spread it further, using different, less obvious channels.

The databases were allegedly obtained from the now defunct Cit0day website, which was shut down by US federal authorities in mid-September 2020.

What makes this attack special is the sheer volume of data that was contained in the original dump. Around 50 gigabytes of data, comprising roughly 13 billion user records across the 23,000 databases is now being leaked and disseminated through Discord servers and Telegram channels operated by bad actors.

Cit0day acted as a historical depository for old hacks and a lot of the data contained in the new leak is several years old. However, given the huge number of compromised databases collected in the dump, there are many among them that belong to smaller sites and services and those often use less than optimal encryption procedures. This means that roughly 30% of the 23,000 databases contained plain text passwords.

What happens after the data dump?

The massive leak is very likely being currently used to launch new large scale password stuffing and password spraying campaigns and users who reused passwords, even very old ones in this case, are at risk.

The attack serves to highlight yet again the importance of using different passwords on each platform and service you use. This can seem like a huge chore at first, but using a dedicated password manager application to manage those passwords is a big help in this regard. A dedicated password manager can both assist in choosing strong passwords and keep them organized and easily accessible.

November 11, 2020

Leave a Reply