Canadian police have charged a man in connection with selling stolen identity information through the infamous Leakedsource website.
Jordan Evan Bloom, 27, from Thornhill Ontario, was arrested by the Royal Canadian Mounted Police (RCMP) back in December — the culmination of an operation begun in 2016.
Project Adoration began after intelligence revealed that Leakedsource was being hosted in Quebec.
The now-defunct site had a database of around three billion passwords and “identity records” available to purchase, with Bloom making an estimated C$247,000 ($200,000) from the business.
The FBI and Dutch police are also credited with providing crucial information that helped the RCMP’s Cybercrime Investigative Team.
“This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” said officer in charge, inspector Rafael Alvarado. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality."
Bloom made his first appearance in court on Monday charged with several offenses including “trafficking in identity information,” unauthorized use of a computer and possession of property obtained by crime.
It’s unclear whether he was acting alone or if police are currently tracking accomplices.
The database contained information breached from MySpace, LinkedIn and other major companies.
It calls to mind a more recent discovery of 1.4bn clear text credentials searchable via a single database found on the dark web in December.
Such activity should be another reminder that static log-ins are an ongoing security risk to both consumers and organizations — providing ample information to hijack accounts and craft convincing phishing emails to elicit even more sensitive information.