Reader Comments

Ukraine authorities bust hacker trying to sell 21M stolen passwords

by Holly Wilkes (2020-05-27)

2 years agoUkraine authorities say they've arrested a suspect behind a cache of 773 million stolen passwords and usernames. 

According to KrebsOnSecurity, the Security Service of Ukraine (SBU) said it detained a hacker known as Sanix in association with the stolen data set which first came to light last year.

In addition to the 87 GBs of stolen data, which included 21 million unique passwords, botnet Ukranian authorities say they also uncovered similar databases that contained financial information on European and North American citizens. 

A hacker known as Sanix was arrested in connection with a stolen data set containing 773 million passwords and usernames (stock)

In all, a raid on the suspect's house turned up two terabytes of stolen data according to the SBU. 

As noted by KrebsOnSecuity, while the cache of passwords was at the time labeled 'the largest collection of stolen data in history' much of the data had actually been previously leaked in old data breaches and was simply compiled by Sanix.

According to Ukrainian authorities evidence found on the suspect's computer included:





Paleontologists uncover remains of a 33-FOOT long megaraptor... Spiders that hunt in packs can bring down prey more than 22... Climate change could spark a 'dust bowl' in the US that is... No kidding! Goats can understand gestures like pointing just...

Share this article



'logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.' 

As noted by KrebsOnSecurity, outside of that particular trove of passwords and usernames, Ukranian officials may have had other reasons to arrest Sanix.


Cyber security firm Intel 471 reports that Sanix had been selling credentials that would allow customers to access large organizations including four dozen universities from across the world.

Among the credentials was also access to a VPN used by the government in San Bernadino California. 

As noted by KrebsOnSecurity, the extent of Sanix's databases of personal information underscore the need to maintain adequate password standards and adopt extra security measures like two-factor authentication. 

Read more:

Ukraine Nabs Suspect in 773M Password ¿Megabreach¿ ¿ Krebs on Security