The cybersecurity community was shaken by last month’s discovery that over 770 million email addresses and 21 million passwords had been leaked all in one place.
Now, shortly after the information became public, the hacker primarily responsible for collecting this large volume of hacked data, referred to as the “Collection #1” breach, has been identified.
Researchers identified the source as “C0rpz.” It has also been disclosed that this entity did not stop at stealing and collecting all these emails but sold them to two hackers, who have also been identified. Their names have been disclosed as “Sanix” and “Clorox.”
The Other Larger Collection of Emails with a Russian Connection
Meanwhile, there have been reports of a larger volume of hacked emails, in excess of 100 billion, which is being directly connected to a Russian hacking forum. Interestingly, Collection #1 is included in that dump as well. Here is the list of the groupings used in the Russian-language forum:
“ANTIPUBLIC #1”, “AP MYR & ZABUGOR #2”, “Collection #1 through #5” (total of seven data sets).
Each of these blocks is a large file, the largest being Collection #2, which weighs in at over 500 GB. The total size of all these dumps put together could reach as much as 1 TB.
The first named dataset on this list, with the moniker “ANTIPUBLIC #1,” was reportedly sighted previously as part of leaked information. The rest, except Collection #1, were being seen for the first time.
Clearly, whoever collected these emails by hacking large databases worldwide decided to put all of them in one place. Some have been found to be sold, and a large amount of these leaked emails has also been offered for free within the hacking community.
Separate Teams Researched the Sources of Collection #1
The research team that managed to identify “C0rpz” was from Recorded Future, a cyber intelligence firm. Their team has said they are reasonably certain that “C0rpz” is indeed the hacker who first sourced these large volumes of emails and put them together.
Security expert Troy Hunt first broke the news on Collection #1 last month. According to his report, the leaked dataset ran into over 2 billion rows of data. The team that worked on this had put in a lot of effort to remove duplicate entries and to match the email addresses with the passwords found in the data dump.
They came up with a large number of such matched records, which were deliberately made public so that any individual can check the ‘Have I Been Pwned’ database to see whether their email appears on the list and take action accordingly. If nothing serious or important is associated with the email address, they can change to a better and stronger password and feel secure. The other option is to abandon that email ID and inform all your contacts after registering a new one.
Other independent researchers were also involved in the investigation, such as security expert Brian Krebs, who traced how the data was shared among these hackers. He is also the one who discovered the involvement of the aforementioned hacker known as “Sanix.”
Hopefully, some law enforcement agency can press on, locate the culprit and take action. It may not be easy if “C0rpz” is living in Russia, since it has often been seen that hackers from Russia even receive state patronage.
Meanwhile, ordinary users should learn from such instances and take appropriate steps to ensure their emails are not hacked in the future. One way is to use a very strong password. If you use Google Chrome, the browser has a feature that generates a secure password and stores it on your computer. It will remember the password and enter it automatically when you log into your account in the future.
The other alternative is to use a password manager app that helps you build strong passwords. Ensure that you have a safe and secure internet connection as well.