200 million Japanese netizens’ personal data offered on the underground market
In a survey released on Thursday, May 17th, the cybersecurity company FireEye stated that its security team has discovered a collection of data sets being sold on underground hacking forums. These data sets contain a large amount of sensitive information, including personally identifiable information (PII) of more than 200 million Japanese netizens.
According to the report, these data sets were discovered in early 2017, and a hacker suspected of living in China’s Zhejiang Province is advertising them for sale. The contents of the data sets include names, login credentials (account numbers and passwords), email addresses, dates of birth, phone numbers, and home addresses.
The advertisement claims that the data set contains more than 200 million unique sets of account verification information, that the data was extracted from the databases of many popular websites in Japan, and that the price is only $150.
The report pointed out that the data covers a number of industries, including retail, food, beverages, finance, entertainment, and transportation. Judging from the creation dates of the folders, most of this data was stolen from May to June 2016, and the rest can be traced back to May and July 2013.
After an in-depth analysis of these data sets, FireEye’s security team stated that they do contain more than 200 million pieces of information, presumably from 11 to 50 sites in Japan. In addition, much of this data does not exist in data sources that were previously publicly disclosed, so the data itself is considered to be authentic.
To verify the authenticity of the data, the researchers randomly selected 200,000 e-mail addresses from the data set for comparison; most of them came from previously reported data leakage incidents. From this point of view, these data sets were not forged for the purpose of sale. In addition, the researchers also collected more than 190,000 login credentials for comparison, of which more than 36% matched the data in previously publicly disclosed data sources.
As mentioned at the beginning of the article, FireEye’s survey results showed that the “seller” was suspected of living in China’s Zhejiang Province, and two other suspects were associated with their QQ address. In addition to data stolen from Japanese websites, the data the seller offers includes data from numerous websites in China, European countries, Australia, New Zealand, and North America.
Although FireEye believes that these data sets originate from random, illegal access, target activities for specific organizations, and that much of the data comes from previously disclosed data leakage incidents, the data being sold may still be used for phishing or cyber fraud. FireEye is currently issuing warnings to affected Japanese government agencies and companies and reminding Japanese netizens to change the passwords they use to avoid potential security threats.
Source: securityweek