Researchers Reveal Suspect Behind Collection #1 Mega Breach

Posted on the 15 February 2019 by Darkwebnews @darkwebnews

A U.S.-based cybersecurity firm, Recorded Future, claims to have identified the hacker allegedly responsible for exposing stolen data in a recent leak dubbed Collection #1.

Experts from Recorded Future's threat intel team have claimed that the hacker goes by the pseudonym "C0rpz."

According to the company, multiple individuals came out claiming to serve as the source of the breached data.

However, Recorded Future has stated that after their assessment, C0rpz is the principal source of Collection #1.

Alleged Identity of the Hacker

The experts also believe that the hacker collected the data for over three years, which included data from companies that were hacked in the past.

C0rpz later sold the information to other hackers, who resold it as well as released it for free.

One of the hackers who bought from C0rpz was an individual known as "Sanix." Security reporter Brian Krebs had earlier identified Sanix as the source of the data dump.

Another hacker is Clorox, responsible for releasing the data for free on the dark web as well as URLs to separate databases hosted on MEGA.

Last month, the security researcher Troy Hunt was the first to discover Collection #1, which contained 772,904,991 unique emails and 21,222,975 unique passwords.

Other Discoveries Made by Researchers

Later in January, researchers at Germany-based Hasso Plattner Institute uncovered an additional 611 million credentials attributed to Collection #2-5 that were not in Collection #1.

In addition, they found 750 million credentials that were not included in Identity Leak Checker, their database of leaked data.

According to David Jaeger, a researcher at Hasso Plattner Institute, some of the data can be attributed to automated hacking of smaller websites.

This suggests that some of the data is being leaked for the first time.

Research has shown that Collection #1 was only part of a mega-collection that constituted seven additional data dumps. The list below represents a breakdown of the databases:

  • Collection 1 (87.18 GB)
  • Collection 2 (528.50 GB)
  • Collection 3 (37.18 GB)
  • Collection 4 (178.58 GB)
  • Collection 5 (40.56 GB)
  • AP MYR & ZABUGOR2 (19.49 GB)
  • ANTIPUBLIC 1 (102.04 GB)

In total, the whole package is a massive 993.53 GB in size and is rumored to contain over 3.5 billion credentials including passwords together with usernames, email addresses and telephone numbers.

According to Recorded Future's report, the firm has also uncovered an additional possible source for Collection #1 after a hacker stated that Collection #1 was included in a data dump in their possession.

The hacker posted a direct download link and a magnet link to the database, alleged to contain over 100 billion user accounts, on a Russian-speaking hacker forum.

What It Means

When all is said and done, it does not matter who the source of the data is since data vendors are now assembling leaks from distinct sources into mega collections to make a profit.

This is a result of more and more company systems being breached, which flooded the market and typically pushed down the profits from selling individual data leaks.

This means that there is a possibility that more data is out there in similar mega collections and is being shared on dark web hacking forums without the public's knowledge.

All that one can do is adopt personal measures to mitigate the impact of such a breach.
