Canadian Man Charged in Massive Data Breach Operation
Canadian law enforcement has apprehended an individual in Ontario for allegedly running a website that amassed stolen personal identity records from approximately three billion online accounts. The accused, Jordan Evan Bloom, 27, from Thornhill, is connected to LeakedSource.com, a site known for compiling data from extensive public breaches and monetizing access, including plaintext passwords.
According to the Royal Canadian Mounted Police (RCMP), Bloom’s website had been operational since late 2015, during which time it gathered vast repositories of personal information from significant data breaches involving high-profile sites such as LinkedIn, VK.com, Last.FM, Ashley Madison, MySpace, Twitter, and others. Users could search and access this information for a fee, effectively commodifying stolen personal data.
Following a law enforcement raid, LeakedSource.com was shut down and its associated social media accounts were taken down earlier this year. Nevertheless, another site with the same domain, hosted on servers in Russia, continues to function. Investigators suggest that Bloom generated nearly $200,000 through the sale of compromised personal records.
Bloom faced multiple charges in a Toronto court, including trafficking in identity information, unauthorized computer use, data mischief, and possession of property obtained through criminal means. An investigation labeled Project Adoration led to his arrest on December 22, 2017, a collaborative effort incorporating resources from the Dutch national police and the FBI.
The RCMP Cybercrime Investigative Team emphasized that the case showcases the financial incentives driving cybercriminals. “This investigation is associated with claims regarding a website operator accused of earning substantial sums by selling personal information,” the team stated. They reiterated their commitment to combating online criminality in collaboration with both national and international partners.
From a technical standpoint, Bloom’s activities likely involved several tactics as outlined in the MITRE ATT&CK framework. Initial access may have been acquired through stolen credentials from various breaches, while persistence could be evidenced through the establishment of the website for ongoing access to the compromised data. Privilege escalation techniques might have been employed to enhance his ability to sell or manipulate the data further.
Bloom remains in custody and is scheduled for a court appearance on February 16. Legal experts, including cybersecurity attorney Imran Ahmad, have indicated that Bloom could receive a maximum prison sentence of 10 years should he be convicted.
For business owners and cybersecurity professionals, this incident serves as a stark reminder of the vulnerabilities associated with personal data online and the continuing criminal tactics that exploit these weaknesses. Awareness and proactive measures remain crucial in safeguarding sensitive information against similar breaches.