Ukrainian Hacker Nabbed In Megabreach Involving 773 Million Login Accounts

Arianne G.
May 22, 2020

The Ukrainian Secret Service (SSU) on Tuesday announced the arrest of a hacker called Sanix, who attempted to sell 773 million stolen usernames and passwords. The agency labeled the incident "the largest collection of stolen data in history."

Illustration file picture shows a man typing on a computer keyboard in Warsaw (Photo: REUTERS/Kacper Pempel)

Illustration file picture shows a man typing on a computer keyboard in Warsaw (Photo: REUTERS/Kacper Pempel)

Sanix, whose real name was not released, was arrested in Ivano-Frankivsk in western Ukraine, according to the SSU. The hacker had been first spotted in 2018 and has been active in underground hacking forums.

According to Ukrainian authorities, Sanix is a data broker, an individual who collects personal information obtained from companies and assembles all the information in a massive list of usernames and passwords. The stolen data is then sold to other threat actors, such as account hijackers, password crackers, spam groups, and operators of botnets.

On Telegram, Sanix operates under the name Sanixer and is responsible for assembling a series of user and password combos known as Collection #1, #2, #3, #4, #5, Antipublic, and others. The entirety of these collections amounts to billions of unique username-password combinations.

The SSU noted that these collections had been sold in private for years, but some of these managed to find its way online, thanks to another data broker called Azatej, who reportedly had a dispute with Sanix, according to IntSights, a threat intelligence outfit. (Azatej operates a web portal for selling stolen accounts known as Infinity Black).

When some of the collections were leaked in 2019, it gained attention from the media. It was, for some people, an eye-opener what "combolists" were, which are huge collections of old data and have now become a commodity for hackers. Collection no. 1 even has its own Wikipedia page.

Azatej had been arrested in Poland earlier in May, thanks to a Europol operation against the Infinity Black web portal.

The SSU has revealed that copies of Collection no. 1 were found on Sanix's computer, along with "at least seven similar databases of stolen and broken passwords."

Apart from the troves of usernames and passwords, authorities said that the hacker's computer also contained login credentials for PayPal accounts, cryptocurrency wallets, PIN codes for bank cards, and DDoS botnets.

Much of the data Sanix collected was years, but as recently as this month, Sanix was allegedly selling access to universities and a compromised VPN account for the government of San Bernardino, California. SSU officers said they seized 2 TB of data, $3,000, and 190,000 Ukrainian hryvnias(~$7,000)from Sanix's residence following a house search.

READ MORE:

This Is Why Your Passwords End Up Being Sold On The Dark Web

'Roblox' Hacker Gains Access To 100 Million Accounts After Bribing Insider

ILOVEYOU Virus: Remembering The First Major Computer Pandemic 20 Years Later