Threat Watch

Hacker Breaches Data Leak Monitor Services

Recently, a hacker going by the handle “NightLion” sent information to several news media outlets claiming to have breached the data leak monitoring service DataViper, which is operated by Night Lion, the cyber security company founded by Vinny Troia. The hacker appears to have created the alias for the purpose of leaking the information allegedly stolen from the DataViper server. DataViper consists of multiple breach databases, sold on criminal forums and in private sales, that have been compiled into a searchable portal so that companies can discover whether any of their employees’ passwords have been compromised. According to claims made by the hacker NightLion, the stolen data includes more than 8,200 databases with the PII of billions of users. Vinny Troia responded to the claims by stating that the hacker gained access to a test server, not the DataViper production server, and that all of the allegedly stolen data had been public for some time, having been sold in the same forums that the hacker had access to. Many aspects of the announcement, including the fact that the hacker used the same name as Troia’s company and a meme posted on the leak page that read “I’m about to end this man’s whole career,” made it clear that the attack was likely meant to discredit Troia as a security researcher.

ANALYST NOTES

Whether the attacker obtained the data breach information by stealing it from DataViper or by purchasing the original breach databases from forums, it has become common for attackers to have access to stolen passwords from thousands of data breaches. Because many breaches these days stem from password reuse, Binary Defense recommends changing the password on every account that shares a password with another account so that each one is unique. Password managers like LastPass for iOS or OnePass for Android can make password management easy by storing all passwords in an encrypted database. Enabling Multi-factor Authentication (MFA) using SMS or an authenticator app will make it that much harder for attackers to access accounts even if a password was stolen.

https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/