Canadian man charged over leak of 3 billion hacked accounts

27-year-old Jordan Evan Bloom stole information during massive hacks of websites including LinkedIn and the Ashley Madison online dating service.
27-year-old Jordan Evan Bloom stole information during massive hacks of websites including LinkedIn and the Ashley Madison online dating service.PHOTO: BLOOMBERG

TORONTO (REUTERS, AFP) - A Canadian man accused of operating the LeakedSource.com website, a major repository of stolen online credentials, appeared in a Toronto court on Monday (Jan 15) charged with trafficking in billions of stolen personal identity records.

The site, which was set up in 2015 and shut down in early 2017, had collected around 3 billion personal identity records and associated passwords from a string of major breaches and made them accessible and searchable for a fee.

A similar site has since emerged whose servers Canadian police believe are located in Russia.

The man, 27-year-old Jordan Evan Bloom, is accused of administering the site and collecting C$247,000 (S$264,000) from the sale of stolen records and associated passwords, the Royal Canadian Mounted Police (RCMP) said.

The information was stolen during massive hacks of websites including LinkedIn and the Ashley Madison online dating service.

Some of the data could also be used to access other popular websites if the hacked user used the same password and username combination, according to police.

The charges against Bloom include trafficking in identity information, mischief to data, and possession of property obtained by crime, the RCMP said.

Imran Ahmad, a cybersecurity lawyer at Miller Thomson in Toronto, said the charges come with maximum sentences of between five and 10 years in prison.

He said it was likely that Bloom was working with others in running the site, and that the money police say he collected was likely only a portion of the site's overall haul.

"Cyber criminals typically have an underground network of collaborators and given the size of the database and scope of the endeavour, I suspect others were likely involved," Ahmad said via email.

The RCMP said Bloom was the sole operator of the Canadian website and that their investigation is closed.

Bloom was charged on Dec 22, the RCMP said, as part of its cybercrime team's investigation, dubbed Project Adoration.

The RCMP said the assistance of Dutch national police and the United States' Federal Bureau of Investigation was "essential to the investigation."

Bloom is due back in court on Feb 16, CBC News said.