A Chinese hacker has been peddling the data of almost 200 million Japanese users on an underground cybercrime forum.
The data was gathered by hacking almost 50 smaller Japanese sites, and then the hacker behind it formed a big giant archive which he put for sale in December 2017.
After analyzing a sample of the data, researchers discovered that the hacked targets are small Japanese websites activate in the retail, food and beverage, financial, entertainment, and transportation sectors.
At first sight, the data appears to be authentic and not forged because it contains data from users whose personal info had been leaked in other breaches, but also data for new users.
This mixture of new and old data is also confirmed by other links suggesting some data comes from hacks that took place in June 2016, and May 2013.
The user leaked data includes real names, email addresses, dates of birth, phone numbers, and home addresses.
Companies and individual people must take certain precautions against this growing phenomenon of data theft; they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems, using antivirus for Windows, an antivirus for Mac, or antivirus for Android, depending on which OS your device is using. Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.
The price for all the 200 million users is set at only ¥1,000 CNY which is USD 150.96. Other hackers commented on the forum thread where the suspected Chinese hacker is selling his data, which they’ve bought it but didn’t received their files. This may be true, or not because it is a common practice that this kind of comments to be made by other data sellers that are trying to sabotage their competition.
Researchers have tracked the hacker’s online persona to a QQ social network ID that is also linked to another hacker’s online persona. This second QQ address is connected to an individual living in China’s Zhejiang province which also has a bad reputation as well, researchers said.
This hacker has been active online since 2013, the year of the oldest data included in the Japanese files. The same hacker has been linked to selling data on multiple Chinese hacking forums, data that is belonging to companies in many other countries such as China, Taiwan, Hong Kong, Europe, Australia, New Zealand, and North America.
The data sold in this most recent dump does not contain susceptible information, but this kind of information can still facilitate identity theft, spam, malware propagation, and fraud.
Keep in mind that every device represents a network entry point or a valuable data bank that must be protected by at least cybersecurity solution like an antivirus. Depending on which OS your device is running, install an antivirus for Windows or antivirus for Mac for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on your company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and ethical hacking test. For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.