More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind.
The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.
Cit0Day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.
Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.
The idea behind the site isn't unique, and Cit0Day could be considered a reincarnation of similar "data breach index" services such as LeakedSource[1] and WeLeakInfo[2], both taken down by authorities in 2018 and 2020, respectively.
In fact, Cit0Day launched in January 2018, as LeakedSource was taken down, and was heavily advertised both on underground hacking forums and on major forums on the public internet, like BitcoinTalk, according to data provided by threat intelligence service KELA[3], which first alerted ZDNet about the site earlier this year.
However, the Cit0Day website went down on September 14, when the site's main domain sported an FBI and DOJ seizure notice.
Rumors started circulating on hacking forums that the site's creator, an individual known as Xrenovi4, might have been arrested, similar to what happened to the authors of LeakedSource and WeLeakInfo.
But all signs pointed to the fact that the FBI takedown notice was fake.
KELA Product Manager Raveed Laeb told ZDNet that the seizure banner was actually copied from the takedown of Deer.io[4], a Shopify-like platform for hackers, and then edited to