Fact: In November 2020, a database containing over 200 million usernames and passwords was leaked in the infamous Cit0day breach. According to researchers, the leak included both new and previously breached login credentials from over 23,600 websites.
Was your data exposed in the Cit0day breach? Find out now.
What is Cit0day, anyways? I don’t recall creating an account.
The now-defunct Cit0day.in was a data breach index website that collected previously hacked databases and advertised them in the cybercriminal community and on underground forums.
By purchasing a daily or monthly subscription, threat actors could access and filter data (names, email addresses, usernames and clear-text passwords) to prepare their next attacks or take over user accounts.
Exposure and aftermath
The Cit0day data breach index platform’s entire contents were available as a free download for just a couple of hours, enough time for researchers and cybercriminals alike to access and copy the information.
Like most data breach dumps, the information in the Cit0day breach was random and indistinctly formatted, making it hard to pinpoint the origin of the leak. Much of the info also appeared to be stolen from unknown websites with few users. While some of the information included just hashed passwords, the ones in clear text represent a significant security risk for users.
Even if your login credentials were found in a data dump posted years ago, you’ve probably reused the same email address and password combination on various other websites and platforms.
On top of account takeover attacks, victims may expect to see an increase in spam and phishing emails set out to steal sensitive data through fraudulent links or malicious attachments.
Similar data dumps and collections of data breaches will undoubtedly pop up in the near future. To protect your accounts and data, make sure never to recycle passwords or use email and password combinations previously leaked online.
Find out more about what cybercriminals may know about you and how to prevent further data exposure with Bitdefender’s Digital Identity Protection tool.