
Hacker behind Collection #1 credential database identified

  • The threat actor was believed to be working on this breach for over two to three years.
  • The actor is known by the pseudonym ‘C0rpz’, and it was hinted that more than one entity was involved in the data leak.

Days after Collections #2-5 were made public, the original author of the infamous Collection #1 data leak has now been identified by security firm Recorded Future. Going by the pseudonym C0rpz, the person is believed to be the main entity behind the massive 773 million record breach.

When the firm analyzed the leaked data, it concluded that the first collection was collated with data from previous breaches. “Many of the account credentials contained in Collection #1 are from a wide variety of previous data breaches, some of which are two to three years old, and may not contain newly compromised accounts,” reported Recorded Future in its blog.

The security firm attributes Collection #1 to C0rpz with only ‘moderate confidence’, however, and also points to another threat actor called ‘Clorox’. Many players might be involved in the data collection together.

A larger collection in the ploy

When Recorded Future examined further, it found that Collection #1 was part of a series of seven databases which were hosted on cloud storage service Mega. Apparently, these databases formed the entire collection of user data that was captured by the attackers.

These databases amounted to around 993.53 GB of data, consisting of ‘three different variations of user credentials: email addresses and passwords, usernames and passwords, and cell phone numbers and passwords.’

The seven leaked databases are listed below.

  1. “ANTIPUBLIC #1” (102.04 GB)
  2. “AP MYR & ZABUGOR #2” (19.49 GB)
  3. “Collection #1” (87.18 GB)
  4. “Collection #2” (528.50 GB)
  5. “Collection #3” (37.18 GB)
  6. “Collection #4” (178.58 GB)
  7. “Collection #5” (40.56 GB)