[cit0day] User data breach?

[boiler]

I received a spam email this morning that addresses me in the body of the email by my AuotHotkey forum username, which I don’t use anywhere else. It seems there must have been a data breach because there shouldn’t be access to my email address paired to my username (my user options do not make my email address public and never have).

Would this breach also have given access to passwords, or are they somehow encrypted? If so, shouldn’t email addresses be similarly encrypted? Has this happened to anyone else? Are there any actions to be taken to better protect user info going forward?

[ahk7]

If it was some religious drivel then I got it too (twice) today/yesterday but on an OLD username from the previous forum which was compromised (multiple times). So if you used it a few years back, that might explain it and someone is using that database again (probably free to download via scammy website(s) or on the cheap for a few bucks).

Edit: I now got it on my "new" account as well, that's not right.

[boiler]

Yes, it was some religious drivel. I used the same username on both forums, so I can't tell which one it is based on. I received only one email so far.

[joedf]

There's a report here:
https://www.troyhunt.com/inside-the-cit0day-breach-collection/

However much of it is recycled data (and for our case likely from our previous breach), and I believe it's likely just emails at this point... I am getting emails as well but it seems my unique password here does NOT appear to be in the "pwned passwords"
https://haveibeenpwned.com/Passwords

I dont think Emails are encrypted in general, but passwords are hashed

[boiler]

Thanks. Good to know that it doesn’t look to be a new breach.

[joedf]

Whoops! I thought I put NOT (edited, added now) in the password appearing in the db sentence above... but glad you got what I meant despite me missing the negation ahah

Glad it was brought up, because I got emails from some users about this. I wasn't sure exactly how to word this, but this is good. Now I can refer them to this thread.

[tank]

hashed and salted

[tank]

ther are alot of ways to get an email address beyond a breach tho. That being said. even when i am inactive i have file system montoring and the db can only be connected to by private network from the server only. I am not saying it isnt possible. but the number of roadblocks to success is so high that it would take more than routine bot farm probes i see in logs

[joedf]

Firefox monitor also provides a quick email-address search for cit0day apparently. No results for my email
https://monitor.firefox.com/?breach=Cit0day

[gregster]

Firefox monitor also provides a quick email-address search for cit0day apparently. No results for my email
https://monitor.firefox.com/?breach=Cit0day

Can confirm. My current forum email address that I use since early 2019 is not in this dataset - I didn't get the religious drivel spam either, afaics.

My old address that I used for 15 years is in it (no surprise there, I was aware that it was already available for many years in some databases, but from - at least - two non-AHK leaks; potentially also from one of our old forum leaks). Edit:I guess I just got the spam mail (addressing me as gregster) on my former forum address, but not on my newer one.
So I guess, cit0day is really just another compilation of older (already available) data.