According to police, the hacker also compiled Collection #1, #2, #3, #4, #5, and Antipublic combolist.
The hacker who made headlines in January 2019 for trying to sell “the largest collection of stolen data in the history of data breaches” has been arrested by the Ukrainian Secret Service (SSU).
In an announcement, the SSU revealed that the hacker, known as Sanix, had billions of stolen credentials and was selling them on Telegram channels and various hacking platforms. The hacker was arrested in Ivano-Frankivsk, a west Ukrainian city. However, the real name of the hacker hasn’t been disclosed by the authorities.
Last year, Sanix caused a stir when he bragged about possessing a massive database containing 87 GB of unique data, including 773 million email IDs and 21 million unique passwords. He also claimed to possess a total of seven such huge databases containing personal and financial information of North American and European Union citizens.
Investigations revealed that Sanix was a data broker and had been involved in selling hacked data for a long time. However, he was spotted much later, in 2018. Sanix collected data, mainly username and password combos leaked after a company was hacked, and assembled the information.
Gradually, his collection expanded tremendously, and he came to possess large lists of credentials, which he compiled into seven different databases known as Collection #1, #2, #3, #4, #5, Antipublic combolist, etc. Moreover, the hacker also owned terabytes of raw data, and billions of unique credentials were part of his collection.
He then tried to sell the data to cybercriminals via various underground platforms and looked for threat actors such as spam groups, account hijackers, password crackers, and brute-force botnet operators to buy from him. He also used Telegram channels to sell hacked data, where he used the nickname Sanixer.
Property seized by police (Image: SSU)
According to authorities, the hacker had been selling his ‘private collection’ for years. According to IntSights, a threat intelligence firm, some of his data got leaked online when he had a dispute with another data broker, Azatej, from the Infinity Black hacker group, which was dismantled earlier this month by Polish and Swiss police.
Investigators raided Sanix’s residence and discovered computers containing two terabytes of hacked data. Computer analysis showed records proving that Sanix was involved in the sale of databases containing “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”
Brian Krebs from KrebsOnSecurity claims that a majority of the data Sanix possessed was years old and was stolen from public data breaches. Recently, Sanix started selling access to educational institutions and a compromised VPN account owned by the San Bernardino, California government.