Over 23,000 hacked databases shared over Telegram and Discord

Image of a cyber criminal using several computers in a dark room
(Image credit: Shutterstock)

Over 50GB of data from 23,000 hacked databases have been shared by hackers across Telegram channels and two hacking forums, it has emerged.

A total of 23,618 databases were able to be downloaded through the Mega file hosting service, amounting to a dataset of around 13 billion personal files. The link was later taken down following abuse reports but there are fears that the data has entered the public domain, according to reports from ZDNet.

The databases are said to have come from Cit0Day.in, an underground service launched in January 2018 that provides hacked password data to criminals for a monthly fee. So far, the collection of data has been shared on Russian-speaking hacker forums, the voice chat app Discord, and Telegram channels managed by nefarious data traders.

On 14 September, this service showed users what appeared to be an FBI and US Department of Justice seizure notice. According to threat intelligence service KELA, the seizure noticed appear to be fake and copied from another website. It is not known if the site's creator, known as Xrenovi4, has been arrested.

The databases themselves are from both big-name internet portals as well as smaller, lesser-known websites. Evidence suggests the data is already being exploited by cyber criminals to carry out credential stuffing and password spraying attacks against users who have reused passwords across a number of websites.

Boris Cipot, senior security engineer at Synopsys, told IT Pro that when stolen data is made public or sold to the highest bidder, the race to exploit these affected users begins.

“The problem is that this leak contains data from more than 23,000 databases," said Cipot. "Some of the data is old, some new. For now, it is hard for anyone to be sure that their name, username, passwords, or other data, has not been exposed. Therefore, I would recommend that everyone change their passwords on services they use – just in case."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.