This morning, it was announced that that a hacker has breached the backend servers belonging to DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm. The hacker, who spent three months inside DataViper servers, claims to have stolen more than 8,200 databases that Troia had indexed for the DataViper data leak monitoring service. The exfiltrated databases contain the information of billions of users that was leaked during past security breaches from DataViper’s “data leak detection” service. The hacker, via a link to a dark web portal, shared the published information about the hack, including an e-zine (electronic magazine) detailing the intrusion into DataViper’s backend servers.
The DataViper breach shows that sensitive data continues to be attractive to adversaries, even far after a breach is over. With information on billions of accounts continuing to be out there, the need for proper password hygiene has never been more critical. Strong, unique, regularly changed passwords combined with a password manager and multifactor authentication are the only ways to help minimize the impact of both initial, and follow-on breaches of user account credentials.
To accurately assess security risk, DataViper should employ an AI-powered solution that can provide real-time monitoring and pinpoint exactly where potential vulnerabilities lie. It is nearly impossible for security teams to determine such risks without automated software, as there are up to hundreds of billions of ways for hackers to infiltrate an enterprise network. As such, it is critical that companies quantify and prioritize breach risk reduction tasks.