FoxPointe Solutions has been closely following the recently announced major data breach involving Cit0day, as well as the subsequent analyses aimed at accurately identifying the risk levels associated with it. Based on updated forensic reports, it has been determined that this breach could significantly impact hundreds of millions of users.
The Cit0day site had been used by security professionals and hackers alike for its collection of tens of thousands of databases containing user credentials that had been exposed in previous data breaches and were being sold on the dark web. Cit0day then combined all of these credentials and offered them as a subscription service for people to use against organizations’ security defenses (for good or ill purposes). This major repository of over 23,000 databases of breached credentials (with each database corresponding to a unique website) was leaked and posted to the dark web for free.
There are roughly 227 million unique email addresses and associated passwords in the breach. The most significant aspect of this data leak is the number of new credentials that appear to have been compromised, and compromised much more recently than in any other large-scale data breach. Cyber and forensic analysts released statements on 11/19/2020 that anywhere from 25 percent to 45 percent of the breached credentials appear to be brand new and never before seen on the dark web.
Based on emerging information, there is an increased possibility that this information will be used maliciously, resulting in an increase in data breaches in the coming months and beyond. This event serves as an emphatic reminder to review organizational (and personal) password policies and to initiate a password change if one has not already been performed in the past few months.
As a further point of best security practice, FoxPointe would strongly remind all users to avoid utilizing the same password, or slight variations of the same password, across numerous websites and accounts. Similarly, a work email address should only be used outside of the organization for approved websites. In these instances, a different password should be used than any currently utilized in the work environment. Further, it is actively recommended to utilize multi-factor authentication wherever possible, for both professional and personal accounts.