'Data breach index' services are websites that collect hacked databases and provide the content within to other hackers for a fee.
The content of the hacked databases these services have, can include username-password combination, real name of users, addresses, e-mail addresses, phone numbers, social security numbers, financial details and more. The data can be either hashed or in cleartext.
And here, Cit0day.in was one of those sites.
But site had its collected over 23,000 hacked databases leaked to the internet, and available for download on several hacking forums as well as Telegram channels.
Intel threat analysts are calling this the biggest leak of its kind.
It began back in 2018 when Cit0day was founded.
At that time, rival LeakedSource was just taken down, to to fill the gap its rival left, Cit0day initiated a huge advertising campaign on both underground hacking forums and the public internet, like BitcoinTalk and others, according to data provided by threat intelligence service KELA.
On September 14, 2020, the site went down.
Based on the notice on the site, Cit0day was taken offline in what was supposed to be caused by a raid from the FBI and the U.S. Department of Justice.
Quickly, rumors started circulating on forums, suggesting the site creator, a person known as Xrenovi4, might have been arrested, similar to what happened to the operators of LeakedSource.
But the takedown notice on Cit0day was apparently a fake. What's more, there was no news about the Xrenovi4's arrest by the authorities.
The authorities usually take down criminals on the web, by taking their websites, only if they can also charge the creators.
In this case, speculations suggested that Xrenovi4 was hiding somewhere.
Concerning the leak, it's unclear at this time if it was Xrenovi4 who leaked the data intentionally, or if it was rivals who hacked the site and leaked the databases.
A total of 23,618 hacked databases were provided for download, mostly through MEGA's file-hosting portal.
The databases are put together into one huge 50GB database that has more than 13 billion user records.
The contents within include hacked databases of small websites, no-named websites with small userbases, and data dumps that are both old and new. Few of the hacked databases belonged to big internet companies.
It should be noted that the databases don't have a password field.
The compiled database was up on the internet for a few hours before it was taken down following an abuse report. But this short timeframe is enough for any interested parties to download it.
Moments later, as more hackers got hold of the database, more of them are uploaded to other hacker forums. Links to other file-hosting sites than MEGA were also found on Telegram and Discord channels, all of which are operated by well-known underground data brokers.