Hacker behind largest-ever data heist arrested in Ukraine

Ukrainian authorities have arrested a hacker accused of orchestrating one of the biggest data leaks in history. The man, only known as Sanix, allegedly publicized a database with over 700 million email addresses, digital currency wallet credentials and other personal data.

The Security Service of Ukraine (SBU) arrested the hacker, acting on a tip that he resided in Ivano-Frankivsk, a region in Western Ukraine. Authorities raided his house, arrested him and seized computers that had 2 terabytes worth of stolen data. They also seized phones and over $10,000 in cash.

Sanix now faces charges of unauthorized interference with computers and unauthorized sale of information. If convicted of both, he faces up to eight years in prison.

Sanix grabbed headlines in January 2019 after he released what came to be known as Collection #1, a database containing over 772 million unique email addresses. According to security researcher Troy Hunt, Sanix published the data on a popular hacking forum. He also made it available briefly on the MEGA cloud service. He claimed that he had aggregated over 2,000 leaked databases to compile Collection #1.

The leaked data contained personal emails and passwords, including credentials for digital currency wallets. It also contained PIN codes for debit cards, PayPal account credentials and DDoS botnets.

Sanix, who went by Sanixer on Telegram, also leaked other databases, including Collections #2, #3, #4 and #5, as well as Antipublic. Collectively, these leaks exposed billions of unique username-password combinations.

Initially, Sanix sold access to the data for a modest $65. However, a fellow hacker known as Azatej leaked the data to a public forum after falling out with Sanix, authorities said. Azatej, who operated a hacking group known as Infinity Black, was arrested earlier this month by Europol.

Hackers have continued to be a menace, and their use of digital currencies has continued to give the industry a bad name. Most hackers tend to demand ransom in digital currencies under the misguided assumption that digital currencies are anonymous. However, as many have come to find out, privacy and anonymity are very different.