Three defendants charged in largest data breach ever
The US Department of Justice has released a statement regarding a case on the largest data breache ever.
Three defendants were charged with stealing over a billion email addresses from email service providers. One of the defendants has already pleaded guilty.
The three defendants consist of two Vietnamese citizens who reside in The Netherlands, and one is from Canada. The Canadian citizen is charged with conspiring to launder the money gained with the massive data breach.
Quoting the release:
“These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
Multiple email service providers in the United States were attacked in this large scale data breach. The financial result of the largest data breach ever was several millions of dollars. The hackers were not just stealing the sensitive data, which included names and email addresses. They used the platforms of several email service providers to send out emails on their own behalf, reaping the benefits of traffic directed to certain websites.
At least eight email service providers (ESPs) in the United States were the target of attacks between February 2009 and June 2012. After the breach, the data was used to spam tens of millions of email addresses. The third defendant was charged with conspiracy to commit money laundering for helping the hackers to generate revenue from the “spam” and launder the proceeds.
One of the three defendants is still a fugitive, while the others have been placed under arrest. The defendant residing in The Netherlands was arrested in 2012, and was extradited to the United States in 2014.
You can find the full release on the data breach on the United States Department of Justice website here.