Data of 200 million Japanese for sale in a hacker forum

Share this…

A malicious actor was found operating outside of China, selling the data of approximately 200 million Japanese users in a clandestine cybercrime forum, according to a FireEye iSIGHT Intelligence report.

According to information security experts, the data seems to have been gathered by hacking about 50 small Japanese sites and put up for sale as a large file in December 2017.


After an analysis of a sample of data, professionals identified the hacked targets as small Japanese websites are activated in the retail, food and beverage, financial, entertainment and transportation sectors.

FireEye’s information security experts say the data is authentic, as it contains data about users whose personal information has been leaked in other infractions, but also contains data from new users.

The mix of new and old data is confirmed by other clues that suggest that some data come from leaks that took place in 2016.

The filtered data varies depending on the website from which they were stolen, but includes real names, email addresses, birth dates, phone numbers and private addresses, experts said.

The price for the file is ¥ 1,000 CNY, about $ 150.96 USD. In the forum in which the hacker was selling the data, several actors commented that they bought the PII cache but did not receive the files. It is not clear if these comments are true.

While the data sold does not contain very confidential information, the stolen information may facilitate identity theft, spam, malware propagation and fraud. Some inconsistencies remain about the origin of some of the data:

japan 1

The professionals managed to trace the online identity of the malicious actor to social network identification QQ, which is also linked to the online personality of another hacker. “The QQ address is connected to a person in the Chinese province of Zhejiang,” the researchers said.

This person seems to have been active since 2013. FireEye information securityprofessionals commented that the malicious actor has been linked to the sale of data in multiple forums: data from companies in other countries, such as China, Taiwan, Hong Kong, Australia, New Zealand and countries of America.