Just completed a protracted verification and cross reference process.
We have enough site specific email address registrations which report 1 breach in the cit0day data dump to confirm that there is genuine Winterhighland forum members credentials in the data dump. That there are some 23,000 websites breached in this data dump is of little consolation when embarrassingly Winterhighland is one of them.
At this time we believe there are 2222 genuinely compromised passwords which are paired with the email address used to register these forum accounts. The information dumped does not include usernames, just password hash / password (where cracked) and email address.
The cracked passwords fall into a two distinct categories, either vulnerable to dictionary attacks including use of common numeric character substitution strategies or relatively vulnerable to brute force attacks given modern computing power such as all numeric digits with fewer than 10 digits and random alphanumeric passwords shorter than 8 characters.
There is also a significant reoccurrence of passwords like 123456, rangers1690, celtic1888, cliffhanger, nosecurity, qwerty - you get the drift!
If you want to check whether your passwords are secure try [haveibeenpwned.com
We have some other data and information to review which may help pinpoint what / when the actual breach was that lead to this data being in the Cit0day dump in December 2020. We will post further info with more details later on Wednesday,
Once again if you have used your Winterhighland email address and password combination elsewhere - CHANGE IT. If you have a re-used password on your actual email address change it before doing anything else!