The Ukrainian Secret Service (SSU) arrested the hacker known by the name Sanix who was responsible for selling billions of hacked credentials on hacking forums and Telegram channels.
Sanix was arrested by the SSU in Ivano-Frankivsk, a city in western Ukraine. The name of the hacker was not revealed by the authorities.
Sanix who was first spotted in 2018 has a long history on underground hacking forums. He was a data broker who collected the data leaked from hacked companies and assembled the information in large lists of usernames and passwords.
He would then resell the data to other hackers on the cybercrime underground, such as spam groups, password crackers, account hijackers, and brute-force botnets operators.
Sanix, also worked under the nickname of Sanixer on Telegram and is the one responsible for assembling a series of user and password combos known as Collection #1, #2, #3, #4, #5, Antipublic, and others. These collections combine to form terabytes of data and billions of unique username-password combinations.
These collections were sold in private for years but some of these got leaked due to a dispute with another data broker named Azatej, the one behind Infinity Black, a web portal for selling stolen accounts.
During January 2019, these leaks got wide media attention and the world was introduced to the concept of “combolists” — large collections of old data, now turned into a hacker’s commodity.
Azatej, who first leaked Collection #1, and then the other collections, was arrested earlier this month in Poland by the Europol.
The SSU stated in a press release that they have found copies of Collection #1 on Sanix’s computer together with seven similar databases of stolen and broken passwords.
Besides the usernames and passwords collections, information about PIN codes for bank cards, cryptocurrency wallets, PayPal account logins, and DDoS botnets were also found in Sanix’s computer.
The SSU officials seized 2 TB of data, $3,000, and 190,000 Ukrainian hryvnias ($7,000) from Sanix’s residence.