It has been reported that more than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee. Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.
When data stolen in a breach is made public or sold to the highest bidder, the race to exploit these affected users begins. These individuals need to change their passwords, and they need to track services where the same username and password has been reused, making sure to change their credentials there too. In many cases, they will also need to call their banks and cancel their credit cards or similar services if such relevant data may have also been breached. In short, it is a complete nightmare.
This leak, however, is 23,000 times worse. The problem is that this leak contains data from more than 23,000 databases. Some of the data is old, some new. For now, it is hard for anyone to be sure that their name, username, passwords, or other data, has not been exposed. Therefore, I would recommend that everyone change their passwords on services they use—just in case. It is important not to reuse passwords and be sure that they are long and complex. To better manage passwords, use a trusted password management service. If the service offers the possibility of 2FA, then do so as an extra security measure. Also, be wary when opening email attachments or clicking on links in emails, avoiding it when possible. Attackers will no doubt use the exposed data as part of phishing campaigns. Finally, stay vigilant of any suspicious activity on your credit cards as well as of any other attempts at identity theft. There is no saying who has access to your data, nor how they plan to use it; the best thing to do is take all the necessary precautions and stay vigilant