Posts Tagged: Sanix


19
May 20

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case.

The Security Service of Ukraine (SBU) on Tuesday announced the detention of a hacker known as Sanix (a.k.a. “Sanixer“) from the Ivano-Frankivsk region of the country. The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Items SBU authorities seized after raiding Sanix’s residence. Image: SBU.

Sanix became famous last year for posting to hacker forums that he was selling the 87GB password dump, labeled “Collection #1.” Shortly after his sale was first detailed by Troy Hunt, who operates the HaveIBeenPwned breach notification service, KrebsOnSecurity contacted Sanix to find out what all the fuss was about. From that story:

“Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his ‘freshest’ offering. Rather, he sort of steered me away from that archive, suggesting that — unlike most of his other wares — Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.”

Alex Holden, chief technology officer and founder of Milwaukee-based Hold Security, said Sanixer’s claim to infamy was simply for disclosing the Collection #1 data, which was just one of many credential dumps amalgamated by other cyber criminals.

“Today, it is even a more common occurrence to see mixing new and old breached credentials,” Holden said. “In fact, large aggregations of stolen credentials have been around since 2013-2014. Even the original attempt to sell the Yahoo breach data was a large mix of several previous unrelated breaches. Collection #1 was one of many credentials collections output by various cyber criminals gangs.” Continue reading →