‘Collection #1’ dwarfed by Collection #2-5
- 04 February, 2019 10:09
US security firm Recorded Future says that it believes that an individual known on a popular hacking forum as C0rpz is responsible for an 87GB dump of passwords and user names.
Collection #1 comprises more than 12,000 files from assorted data breaches, and includes 1,160,253,228 unique combinations of email addresses and passwords, Hunt revealed.
The dump is made up of “many different individual data breaches from literally thousands of different sources,” Hunt wrote in a blog entry.
Hunt said that although he recognised “many legitimate breaches” in the directory list, “it's entirely possible that some of them refer to services that haven't actually been involved in a data breach at all.”
Recorded Future said its analysis of Collection #1 found that it draws “from a wide variety of previous data breaches, some of which are two to three years old, and may not contain newly compromised accounts.”
“Multiple threat actors claimed to be the source of the data and were distributing these databases throughout the dark web, including the threat actor ‘Clorox,’” the Recorded Future blog entry states.
“However, Recorded Future assesses with moderate confidence that the original creator and seller of Collection #1 was the actor ‘C0rpz.’ Another actor from a well-known Russian hacking forum was also observed sharing a large database of 100 billion user accounts, which possibly has some of the same datasets found in Collection #1.”
Recorded Future’s research team Insikt Group said it had found a 17 January forum post created authored by an individual who called themselves ‘Clorox’ that included seven links to databases on MEGA, including Collection #1.
In addition to the 87GB Collection #1, Clorox linked to six other dumps: ‘ANTIPUBLIC #1’ (102GB), ‘AP MYR & ZABUGOR #2’ (19.49 GB), ‘Collection #2’ (528 GB), ‘Collection #3’ (37GB), ‘Collection #4’ (179GB) ‘Collection #5’ (41GB).
Clorox posted that the database obtained by Hunt was incomplete and “is only a fraction of the original dump known on the dark web as Collection #1,” Recorded Future reported.
The firm said its research indicated that an individual dubbed C0rpz had claimed as early as 7 January to be the original compiler of Collection #1. Another forum member (‘Sanix’) had attempted to resell Collection #1 after purchasing it from them, according to C0rpz.