Skip to main content
FoxPointe FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
  • Management Team
  • About Us
    • Credentials
    • Careers
    • News
    • Videos
  • Blog
  • Contact Us
FoxPointe
  • Services
    • Cyber Risk, Assurance and Compliance
    • IT Audit
    • Penetration Testing
    • General Consulting
  • Management Team
  • About Us
    • Credentials
    • Careers
    • News
    • Videos
  • Blog

Enter Keywords

  1. Home
  2. Blog

FoxPointe Security Hub

Major Data Breach May Impact Over 200 Million Accounts: Protect Yourself Today

November 19, 2020 by Benjamin Doyle CISSP, PCI-QSA, CCSFP, CEH, CISA, HCISPP

FoxPointe Solutions has been closely following the major data breach that was recently announced involving Cit0day, as well as the subsequent analyses to accurately identify the true risk levels that could be associated with it. Following the emergence of updated forensic reports, it has been determined that this breach could significantly impact hundreds of millions of users.

The Cit0day site had been used by security professionals and hackers alike for its collection of tens of thousands of databases containing user credentials that had been exposed in previous data breaches and were being sold on the dark web. Cit0day then combined all of these credentials and offered them as a subscription service for people to use against organizations’ security defenses (for good or ill purposes). This major repository of over 23,000 databases of breached credentials (with each database corresponding to a unique website) was leaked and posted to the dark web for free.

There are roughly 227 million unique email addresses and associated passwords in the breach. The most pressing item of significance in connection with this data leak is the number of new credentials that appear to have been compromised, and from much more recently than any other large-scale data breach. Cyber and forensic analysts released statements on 11/19/2020 that anywhere from 25 percent to 45 percent of the breached credentials appear to be brand new and never before seen on the dark web.

Based on emerging information, there is an enhanced possibility for this information to be maliciously utilized, resulting in an increase in data breaches for the coming months and beyond. This event serves as an emphatic reminder and recommendation to review organizational (and personal) password policies and initiate a password change, if not already performed in the past few months.

As a further point of best security practice, FoxPointe would strongly remind all users to avoid utilizing the same password, or slight variations of the same password, across numerous websites and accounts. Similarly, a work email address should only be used outside of the organization for approved websites. In these instances, a different password should be used than any currently utilized in the work environment. Further, it is actively recommended to utilize multi-factor authentication wherever possible, for both professional and personal accounts.

For any questions or assistance in implementing best practice security controls, please feel free to contact John Roman, President, and COO of FoxPointe Solutions, at jroman@foxpointesolutions.com.

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.

Subscribe

Subscribe to receive new articles and resources from our information risk management experts directly in your inbox as soon as they're available.

Subscribe Now

Data Security Cybersecurity Alert Cybersecurity   investment risk management
Share
Twitter Facebook LinkedIn
Topics
  • Data Security (20)
  • Data Privacy (19)
  • Compliance (4)
  • Risk Management (13)
  • Cybersecurity Alert (11)
  • Cybersecurity (25)
  • tik tok (1)
Let us show you how we can help
Request Quote
FoxPointe

488 Madison Ave. 23rd Floor
New York, NY 10022

Call 844-726-8869
or Contact Us

Subscribe to the Blog

Services
Cyber Risk, Assurance and ComplianceIT AuditPenetration TestingGeneral Consulting
Company
Management TeamAbout UsBlogCareersPrivacy Policy
©2021 FoxPointe
Website by Corporate Communications, Inc.