iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Names, addresses, dates of birth, and emails from a range of new and old data leaks are on sale for US$7,000.
Datasets move around hacking forums and websites with some regularity. One might be for sale one day, and then weeks, months, or sometimes years later, it shows up for free.
But it’s not often you see one quite so large as 14 million being offered up for sale.
A hacker by the name of Fancybear – probably not related to the Russian hacking group of the same name – made a for-sale post on a popular clear web hacking forum on 10 March.
“Australia 14 Million Leads,” the post read. “Details: first name, last name, email, address, city, state, postcode, mobile, dob.”
The poster included 120 lines of data to prove the validity of the data set, and the details appear legitimate. The 14 million sets of “leads”, as they’re called, are currently on offer for US$7,000.
Fancybear has some form when it comes to selling data like this. In the user’s .sig, they boast of “selling mobile numbers & email lists”, adding, “I have all kind [sic] of database consumer, crypto, forex, gamblers etc.”
A quick analysis of the emails on HaveIBeenPwned reveals that the data set appears to be a mix of previously leaked information and newly leaked material. Some emails in the list have been leaked at least half a dozen times, either in previously collated data sets like the 2.7 billion person Collection #1 dataset or in data breaches suffered by companies and websites such as MySpace and Twitter.
But there seems to be a large number of emails – and the names and addresses associated with them – appearing in this dataset for the first time. It appears that the seller has taken several previous Australian datasets and combined them with some new data to create what is, in effect, a new product to sell.
Datasets such as these are sold and moved on often, as we said. There were three Australian datasets in a list of possibly related threads below this particular post, ranging in size from 12,000 to 140,000.
With that in mind, it’s a good chance to remind everyone out there to check their own details in HaveIBeenPwned and look after their email accounts accordingly.
It’s also worth remembering that this data is more often than not public-facing in some way, and it’s the kind of data that many of us enter into any website that requires a sign-in or to take advantage of e-commerce.
Regardless, be careful where you save your data, and be wary of scammers taking advantage of lists like this for mass fraud campaigns.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
