Data of millions of Japanese sold on underground hacking forums

A cybercriminal operating from outside China was found to be selling data of nearly 200 million Japanese users on underground hacking forums, claims FireEye’s iSight Intelligence report.

In the was noted that the data is collected from 50 not-so-popular Japanese websites. Once a huge database was developed, the data was put for sale in December 2017 and the asking price is just $150 (¥1,000 CNY) for the entire archive.

In the report, FireEye researchers noted that small Japanese websites were the key targets of the hackers, mainly the sites connected with food, beverage, financial, entertainment, transportation and retail industry.

FireEye claims that the data is authentic because it not only contains information of users who had already gotten their private data leaked in previous breaches but also data of new users. Some of the data belongs to the hack attacks that took place in June 2016 while the new ones go as far as May 2013.

Data vary considerably according to the site from where the information was stolen. However, a majority of datasets have similar information including real names, dates of birth, home addresses, contact numbers and email IDs.

See: Japan’s Coincheck cryptocurrency exchange hacked; $534 Million stolen

Some of the buyers commented on the thread, where the alleged Chinese hacker posted the database for sale, stating that they have already bought the PII cache but didn’t receive the files yet. Quite possibly the comments were posted by other data sellers to mislead potential buyers or they might just be true.

FireEye claims to have tracked the online ID of the hacker on a QQ social network, but this particular ID is linked to another hacker’s online ID who has a bad reputation and bad reviews on the internet. As noted by FireEye researchers:

“This QQ address is connected to an individual living in China’s Zhejiang province.”

This hacker is identified to be active since 2013, which is also the year of the oldest data that is part of the hacked database. Researchers at FireEye reported that the hacker is selling data on multiple hacking forums based in China and in other countries as well including North American countries, New Zealand, Australia, European countries, Hong Kong and Taiwan.

The database although doesn’t include very sensitive information but whatever is included is enough to allow anyone carrying out identity theft, fraud, spam, and malware distribution.


According to WorldoMeters, the total population of Japan is around 127,216,210 but since FireEye researchers have found data on 200 million people it is quite possible that the dataset includes information on several other nationalities.

See: Japanese hosting company Kagoya hacked; credit card data stolen

Image credit: Depositphotos

Related Posts