The hacker who worked within the DataViper servers claims to have stolen more than 8,200 databases that Troia had indexed for the DataViper data leak monitoring service. The exfiltrated databases contain the information of billions of users that was leaked during past security breaches from DataViper’s “data leak detection” service.
The hacker, via a link to a dark web portal, shared the published information about the hack, including an e-zine (electronic magazine) detailing the intrusion into DataViper’s backend servers. The hacker, who calls himself NightLion, announced the hack in an email sent to several cybersecurity reporters.
Looking into the matter for Digital Journal is Vinay Sridhara, CTO of Balbix.
Sridhara explains that: “The DataViper breach shows that sensitive data continues to be attractive to adversaries, even far after a breach is over. With information on billions of accounts continuing to be out there, the need for proper password hygiene has never been more critical.”
This stands as a key recommendation, as Sridhara explains: “Strong, unique, regularly changed passwords combined with a password manager and multifactor authentication are the only ways to help minimize the impact of both initial, and follow-on breaches of user account credentials.”
In terms of going forwards, Sridhara sets out a plan: “To accurately assess security risk, DataViper should employ an AI-powered solution that can provide real-time monitoring and pinpoint exactly where potential vulnerabilities lie. It is nearly impossible for security teams to determine such risks without automated software, as there are up to hundreds of billions of ways for hackers to infiltrate an enterprise network. As such, it is critical that companies quantify and prioritize breach risk reduction tasks.”
