1 Billion Email Addresses Allegedly Stolen
By Mathew J. Schwartz, March 9, 2015.
The U.S. Justice Department says three men have been charged in connection with what they say is the biggest-ever email address breach. The incident allegedly resulted in the theft of more than 1 billion email addresses from more than 100 different businesses and left at least 60 million consumers at risk from follow-on spam and phishing attacks. Two of the men who have been charged are now in U.S. custody, but one remains at large.
See Also: Mobile Deposits & Fraud: Managing the Risk
Related Content
Related Whitepapers
As part of the case, two Vietnamese citizens – Viet Quoc Nguyen (a.k.a. Vandehiu, Peter Nguyen), 28, and Giang Hoang Vu (a.k.a. Lee Vu), 25, who were both residing in the Netherlands – have been charged with hacking into U.S. email service providers. In addition, Montreal-based Canadian David-Manuel Santos Da Silva (a.k.a. Jake, Lusitano), 33, was charged with helping the two men knowingly convert stolen email addresses into $2 million in profits via his affiliate-marketing company, called 21 Celsius, which operated a site called Marketbay.com.
“These men – operating from Vietnam, the Netherlands, and Canada – are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” says Assistant Attorney General Leslie R. Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers.”
Nguyen was allegedly behind data breaches at multiple email service providers, including Epsilon Data Management, an online marketing unit of Alliance Data Systems Corp. The company notified customers in April 2011 that it had detected a network intrusion the previous month that had exposed confidential data, including email addresses for customers of such banks as Capital One, Chase, Citi, U.S. Bank and Visa, as well as customers of businesses ranging from Kroger and Marriott International to Verizon and Walgreens. Ultimately, email addresses from more than 100 companies and brands were reportedly exposed by the breach.
According to a 29-count indictment against Nguyen and Vu, which was filed in 2012 and only fully unsealed last week, Nguyen – who’s described as a “computer hacker” – targeted at least eight ESPs via phishing attacks from February 2009 until June 2012. When employees at the targeted ESPs opened the messages, their PCs were potentially infected with malware that created a backdoor on the system, allegedly allowing Nguyen to gain direct, unauthorized access to the system and download any customer data being stored there. In other cases, authorities say that the phishing attacks resulted in a keylogger being installed, which intercepted account log-in information and routed it to the attackers. In some cases, the court documents say, Nguyen commandeered the hacked ESPs’ systems to launch follow-on phishing attacks against other ESPs.
Affiliate Marketing Scheme
Nguyen used tens of millions of stolen email addresses in email marketing campaigns that were designed to direct recipients to sites with which he was associated, according to court documents. “Nguyen was paid by an affiliate-marketing company a percentage of all sales completed through those websites, thereby obtaining money from the unauthorized email campaigns,” the court documents allege.
Vu has been charged with helping Nguyen by sending unauthorized email campaigns, as well as producing related artwork and helping to build affiliate-marketing websites.
Biggest-Ever Data Breach: 3 Charged
Keine Kommentare:
Kommentar veröffentlichen