When a data breach happens, the data that is collected does not just disappear. Often times, it is collected and sold to the highest bidder. Sometimes, that bidder can make the information publicly available, usually for a fee. One of the sites that collects and disseminates this information is LeakedSource, which makes the information searchable with a recurring membership. The site, and others like it, claim that they make the information available so that people can search to see what information is available about themselves.
Unfortunately, as soon as the information is searchable, it is available. Instead of searching for yourself, for example, you could search for Alphabet CEO Larry Page. Maybe he used a credit card at Home Depot or Target, or once had a Yahoo email account, whose password might still be in use on another service. If someone with nefarious intentions were to perform that search, it's possible that they could accomplish their goals with the information found.
This week, the site vanished, and the smart money is on a raid by law enforcement, looking for evidence of illicit behavior from the company. Management has been silent on social media, not indicating that the site is even offline, let alone raided. Once such behavior that might be in question, according to "Keen" who operates another notification service, is the purchase of stolen data. Rather than collecting publicly, or semi-publicly, available data sources, Keen claims that LeakedSource has been exclusively purchasing stolen data.
Obviously, paying for data in this manner for a site that makes the data available, encourages others to do it for the profit. Keen's evidence of this behavior is the existence of data from the E-Sports Entertainment Association (ESEA) breach, which was never made public. In fact, only the original hacker and the site had the data. That is pretty incriminating evidence against the site, no matter how circumstantial.
Obviously data breaches are something that will not go away any time soon, but to create an environment where it is easily profitable for a hacker to make the attempt is not just criminal, it's unbelievably stupid. There was no way that this would be left alone, and prison is not a place that treats cyber criminals kindly.read more...