A hacker suspected to be operating out of China has been seen peddling the data of around 200 million Japanese users on an underground cybercrime forum, according to a FireEye iSIGHT Intelligence report shared with Bleeping Computer.
The data appears to have been assembled by hacking up to 50 smaller Japanese sites and was put up for sale as one large archive in December 2017.
After analyzing a sample of the data, researchers say they've identified the hacked targets as small Japanese websites active in the retail, food and beverage, financial, entertainment, and transportation sectors.
FireEye believes the data is authentic and not forged because it contains data on users whose personal info had been leaked in other breaches, but also data for new users.
The mixture of new and old data is also confirmed by other clues suggesting that some data comes from hacks that took place in June 2016, while other data goes as far back as May 2013.
The leaked user data varies depending on the website it was stolen from, but usually includes real names, email addresses, dates of birth, phone numbers, and home addresses.
The price for the entire archive is ¥1,000 CNY ($150.96 USD). Several actors commenting on the forum thread where the suspected Chinese hacker was selling his data said they had bought the PII cache but did not receive their files. It is unclear if these comments are true, or if they were made by other data sellers trying to sabotage their competition.
FireEye says it tracked the hacker's online persona to a QQ social network ID that is also linked to another hacker's online persona. This second hacker persona received bad reviews and had a bad reputation as well.
"This QQ address is connected to an individual living in China's Zhejiang province," researchers said about the hacker's real location.
This same persona seems to have been active online since 2013, the year of the oldest data included in the Japanese files. FireEye says the hacker has been linked to selling data on multiple Chinese hacking forums, data belonging to companies in many other countries such as China, Taiwan, Hong Kong, European countries, Australia, New Zealand, and North American countries.
While the data sold in this most recent dump does not contain very sensitive information, the stolen information can still facilitate identity theft, spam, malware propagation, and fraud. However, some inconsistencies remain about the origin of some of the data:
Where did the rest 72,778,918+ people come from?? pic.twitter.com/8o7velbb2m— Anonymous संघी युवक (@anonBrook) May 20, 2018