The Security Service of Ukraine (SBU) announced earlier this week it had been successful in identifying and arresting a hacker responsible for posting and selling a sizable database containing 773 million stolen email addresses and 21 million unique plaintext passwords on various hacking forums. Though the SBU has identified the hacker behind the pseudonym "Sanix," it has yet to reveal his true identity to the media.
SBU’s search of Sanix’s Ukrainian residence resulted in the seizure of the hacker’s computer equipment, which included 2 TB of stolen data, phones riddled with evidence of the hacker’s illegal activities and upward of $10,000 in cash from alleged illegal transactions.
Ukrainian police stated, “The hacker is preparing a report of suspicion of unauthorized interference with computers and unauthorized sale or dissemination of information with limited access stored in computers, under Part 2 of Art. 361, part 1 of Art. 361-2 of the Criminal code of Ukraine.”
Sanix originally made headlines in January 2019 when attempting to sell an 87 GB database that is recognized as "the largest array of stolen data in history." Based on what security experts have shared with the SBU, the posted database was just a fraction of the data that Sanix had stolen.
SBU also claims Sanix acquired at least seven additional databases that included stolen and broken passwords. These databases were terabytes in size and included billions of phone numbers, payment card details and Social Security numbers.
Beyond email logins, Sanix’s stolen databases also included bank card PINs, cryptocurrency e-wallets, PayPal accounts and information concerning computers hacked for botnet use and denial-of-service attacks.
For those interested in getting an inside look at Sanix’s operation, the SBU has since posted a video of the team perusing Sanix’s computer.
