Some days ago, tech media including ZDNet reported that 23,618 databases from companies and organizations had been hacked and made available for download on MEGA, a cloud file-hosting portal frequently used for the unauthorized posting of files, ranging from this kind of business data to pirated music and movies. Barely had the link been created when it was doing the rounds on the deep web and other channels, including on Telegram.
TechTimes estimates that there is a total of 50 GB of data and some 13 billion files. Though experts claim that these are old databases that were hacked some time ago and will, to a large extent, have changed, the data may still be a threat in the hands of cybercriminals, as it can be leveraged for targeted phishing campaigns, theft of credentials and password spraying.
Massive data breach index
So where does all this data come from? The leaked information originated on Cit0day.in. Cit0day is a service that advertises on hacker forums and communities and operates as an index and search engine for hacked data. In fact, Cit0day took over from other similar portals such as WeLeakInfo and LeakedSource after they were shut down by the authorities.
Cit0day was launched in January 2018, just as LeakedSource was closed, and was heavily advertised on underground hacking forums as well as public sites such as BitcoinTalk. On September 14 this year it was apparently taken down and its URL pointed to an FBI and DOJ seizure notice.
There were rumors on forums, however, that the FBI’s takedown notice was in fact fake or had been copied from another platform. Such rumors were fueled by the fact that when ZDNet inquired with the FBI’s press department, its spokespersons declined to comment.
Moreover, no arrests related to Cit0day have been reported to date, even though arrests are standard procedure when these agencies close such portals. According to ZDNet, the hacking community is therefore skeptical of the rumor that the portal’s alleged creator, alias ‘Xrenovi4’, has been detained.
In any event, even if Cit0day actually ceases to operate, other similar portals will pick up the baton, which serves to underline the danger of data breaches in organizations.
The problems with DLPs
To avoid these kinds of data leaks, some companies have opted for data loss prevention (DLP) software. Yet firms are increasingly abandoning such solutions due to their numerous downsides:
- They can have a significant impact on system performance.
- They are intrusive.
- They take a lot of time to configure and maintain, and require involvement from other areas of an organization, not only cybersecurity. As this is often unfeasible, the result is that only basic rules are implemented, which is simply not effective.
- With the migration to cloud services, CASB solutions are being implemented. Together with the network DLP solutions that are often deployed, this means that more and more companies are moving away from DLP on network nodes.
In comparison, advanced solutions based on endpoint protection platforms (EPP), such as Cytomic Data Watch, offer many advantages. Cytomic Data Watch helps organizations comply with data protection regulations such as the GDPR and has a minimal impact on performance. To do this, it discovers and protects personal and sensitive data, both in real time and throughout its lifecycle, on endpoints as well as servers. It can also monitor USB devices, which DLP solutions do not cover because they do not provide DLP protection on network nodes.