A dataset of 200 million PII exfiltrated from several Japanese websites offered on underground market

Pierluigi Paganini May 19, 2018

FireEye iSIGHT Intelligence discovered on the underground market a dataset allegedly containing 200 million unique sets of personally identifiable information stolen from several popular Japanese websites.

Security experts from FireEye iSIGHT Intelligence have discovered on underground forums a dataset allegedly containing 200 million unique sets of personally identifiable information (PII) stolen from several popular Japanese website databases.

It’s likely the data was taken via opportunistic compromise.

In reality, the dataset was discovered in an instant messenger group for sharing and offering data.

The huge trove of data was first discovered in December 2017, the archive was offered by a Chinese user at around $150.

Stolen records included names, credentials, email addresses, dates of birth, phone numbers, and home addresses.

The huge archive is composed of data stolen from Japanese websites of a variety of industries, including those in the retail, transportation sectors, food and beverage, financial, and entertainment.

According to the experts, data was raked between May and June 2016, the threat actor has offered for sale site databases on Chinese underground forums since at least 2013.

“Yes, we’ve observed actors who were selling Japanese PII data or interested in purchase,” said Oleg Bondarenko, senior manager for international research at FireEye. “However [we] have never observed at such scale.”

Many users commented on the advertisement demonstrating their interest for the data, but some of them provided negative feedback because they did not receive the purchased database.

“The data was extremely varied and not available through publicly available data sources; therefore, we believe that the advertised data is genuine,” states FireEye.

Experts believe data was genuine, they noticed that most of the email addresses out of a random sample of 200,000 belong to major third-party leaks.

“Since we did not observe most of the leaked data in any dataset as coming from one specific leak or on any publicly available website, this also indicates that the actor is unlikely to have bought or scraped the information from data leaks and resold it as a new product,” continues FireEye.

Japanese websites

The analysis of another sample composed of 190,000 credentials revealed that 36% contained duplicate values and the presence of a huge numbed fake email addresses.

The seller was offering data stolen from websites in China, Taiwan, Hong Kong, European countries, Australia, New Zealand, and North American countries.

“Since much of this information has been previously leaked in large-scale data leaks, as well as the possibility that it has been previously sold, we anticipate that this dataset will not enable new large scale malicious activity against targeted entities or individuals with leaked PII,” FireEye concluded.

According to the officials, the scale of the data put up for sale is unprecedented for Japan.

FireEye is warning Japanese government offices and affected businesses. They say the information could be used to carry out cyberattacks on Japan.

Masatomi Iwama, an executive of FireEye’s Japan branch, explained that people must be careful about their security hygiene.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Japanese websites, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment