“Japanese Netizens’ Personal Data: A Hot Commodity on the Underground Market!”

Threat Actor: Cyber hacker suspected to be living in China’s Zhejiang Province
Victim: Japanese netizens
Price: $150
Exfiltrated Data Type: Personally identifiable information (PII)

Additional Information:

  • The data sets were discovered in early 2017.
  • The data sets include name, login credentials (account number and password), email address, date of birth, phone number, and home address.
  • The advertisement claims the data set contains more than 200 million unique sets of account verification information.
  • The data is extracted from the database of many popular websites in Japan.
  • The data covers a number of industries, including retail, food, beverages, finance, entertainment, and transportation.
  • Most of the data was stolen from May to June 2016, with some dating back to May and July 2013.
  • FireEye's analysis found that the data set does contain more than 200 million pieces of information, presumably from 11 to 50 sites in Japan.
  • The data is considered authentic as many of the pieces do not exist in previously disclosed data sources.
  • Approximately 36% of the collected log-in credentials matched data from previously publicly disclosed sources.
  • The “seller” is suspected to be living in China’s Zhejiang Province and is associated with two other suspects through their QQ address.
  • The data being sold may be used for phishing or cyber fraud activities.
  • FireEye is issuing warnings to affected Japanese government agencies and companies, and advising Japanese netizens to modify their passwords to avoid potential security threats.

In a report released on Thursday, May 17th, the cybersecurity company FireEye stated that its security team has discovered data sets being sold on underground hacking forums. These data sets contain a large amount of sensitive information, including personally identifiable information (PII) of more than 200 million Japanese netizens.

According to the report, these data sets were discovered in early 2017, and a cyber hacker suspected of living in China’s Zhejiang Province is advertising them for sale. The contents of the data set include name, login credentials (account number and password), email address, date of birth, phone number, and home address.

The advertisement claims that the data set contains more than 200 million unique sets of account verification information and that the data was extracted from the databases of many popular websites in Japan. The asking price is only $150.

The report pointed out that the data covers a number of industries, including retail, food, beverages, finance, entertainment, and transportation. Judging from the folder creation dates, most of this data was stolen from May to June 2016, and the rest can be traced back to May and July 2013.

After an in-depth analysis of these data sets, FireEye’s security team stated that the data set does contain more than 200 million pieces of information, presumably from 11 to 50 sites in Japan. In addition, much of this data does not exist in data sources that were previously publicly disclosed, so the data itself is considered to be authentic.

To verify the authenticity of the data, the researchers randomly selected 200,000 e-mail addresses from the data set for comparison and found that most of them came from previously reported data leakage incidents. This indicates that the data sets were not forged for the purpose of sale. In addition, the researchers collected more than 190,000 log-in credentials for comparison, of which more than 36% matched the data in previously publicly disclosed data sources.

As mentioned at the beginning of the article, FireEye’s findings showed that the “seller” is suspected of living in China’s Zhejiang Province and is associated with two other suspects through their QQ address. In addition to data stolen from Japanese websites, the data the seller offers includes data from numerous websites in China, European countries, Australia, New Zealand, and North America.

Although FireEye believes that these data sets originate from random illegal access rather than activity targeting specific organizations, and that much of the data comes from previously disclosed data leakage incidents, the data being sold may still be used for phishing or cyber fraud activities. FireEye is currently issuing warnings to affected Japanese government agencies and companies and reminding Japanese netizens to change the passwords they are using to avoid potential security threats.

Source: securityweek

Original Source: https://securityonline.info/200-million-japanese-netizens-personal-data-offered-on-the-underground-market/