Security experts at the threat intel firm Recorded Future, have discovered the hacker who allegedly created and offered for sale the massive collection known as Collection #1.
The ‘Collection #1’ archive was discovered by the cyber security expert Troy Hunt, it included 773 million records.
The responsible for the sale of the huge trove of data goes online by the moniker of “C0rpz.” C0rpz has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses and passwords
According to Hunt, there are 1,160,253,228 unique combinations of email addresses and passwords, while the unique email addresses
“Recorded Future assesses with moderate confidence that the original creator and seller of Collection #1 was the actor “C0rpz.
“Another actor from a well-known Russian hacking forum was also observed sharing a large database of 100 billion user accounts, which possibly has some of the same datasets found in Collection #1. “
Collection #1 was included in a larger dump containing seven other databases:
While the AntiPublic dump had already leaked online, the remaining ones were seen for the first time in the hacking underground last month.
According to Recorded Future, C0rpz sold the archives to other hackers that offered them for sale on multiple hacking forums, the collections were also distributed for free via online sharing service MEGA and via torrent magnet links.
Sanix and Clorox are two hackers who bought the data from C0rpz, the former was identified by the investigator Brian Krebs as the source of Collection 1, the latter is the individual who shared Collection for free on Raid Forums.
All the hackers mentioned by Recorded Future were seen for the first time by the experts of the company a
(SecurityAffairs – credential stuffing, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.