A national enforcement agency in Ukraine has detained a hacker it claims is liable for the country’s largest known theft of private data, cryptocurrency wallets and other information.
The Security Service of Ukraine (SSU) reported detaining a hacker, referred to as Sanix, allegedly for selling a database with 773 million email addresses and 21 million unique passwords on various online forums in recent years.
In addition to email logins and passwords, the database contained “PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, information about computers hacked for further use in botnets and for organizing DDoS attacks,” the SSU said in its handout . The stolen data belonged to people from different countries, including the ecu Union and therefore the U.S., the agency claimed.
The agency seized “computer equipment with two terabytes of stolen information, phones with evidence of illegal activities and cash from illegal transactions,” including about $10,000 in Ukrainian hryvnias and U.S. dollars, the discharge said.
The seizures happened after SSU received a tip that Sanix is “probably a Ukrainian, a resident of [the] Ivano-Frankivsk region” and searched his home.
Sanix now faces criminal charges for unauthorized interference with computers and unauthorized sale or dissemination of data with limited access. consistent with the Ukrainian criminal code, a mixture of those two can initiate to eight years of prison time.
The breach was first reported in January 2019 by cybersecurity researcher Troy Hunt. Wired called it “a breach of breaches,” saying the 87-gigabyte database “claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked.”
The first batch of stolen data had been followed by several more “collections,” offered by Sanix also as another hacker named Oxa, Forbes wrote at the time. The hackers offered “lifetime” access to the databases for modest amounts from $45 to $65.