Jerry Sliwowski - Fotolia

LeakedSource operator could face up to 10 years in jail

Canadian man accused of selling stolen identities and passwords on website

A Canadian man has appeared in court in Toronto charged with selling billions of pieces of stolen digital information online.

Jordan Evan Bloom, from Thornhill, Ontario, is alleged to have used the website LeakedSource.com to sell stolen identities and passwords.

LeakedSource.com, claimed to be a breach notification site to raise awareness around hacking, is believed to have been in operation from 2015 to early 2017, when it was shut down by police.

Bloom is said to have collected about three billion pieces of stolen digital information belonging to millions of people harvested from various data breaches around the world, including MySpace and LinkedIn.

He reportedly offered access to the data for a fee, and anyone who paid for a subscription to LeakedSource was able to browse the data, which included personal details such as names, usernames, email addresses and passwords.

Bloom is alleged to have been responsible for administering the LeakedSource.com website and is said to have earned $198,500 (£144,000) from trafficking identity information, according to the Royal Canadian Mounted Police (RCMP).

The RCMP’s national cyber crime investigation team conducted an investigation into the website as part of its Project Adoration, with assistance from the FBI and the Netherlands national police.

The operation began in 2016 after the Canadian police department became aware of the website, which was hosted by servers in Quebec.

As a result of the investigation, Bloom was charged on 22 December 2017 with trafficking in identity information, unauthorised use of a computer, mischief to data, and possession of property obtained by crime.

Rafael Alvarado, head of the RCMP’s cyber crime team, said the investigation was part of continued efforts to work with national and international organisations to tackle cyber crime.

Read more about cyber crime

“This investigation is related to claims about a website operator alleged to have made thousands of dollars selling personal information,” he said. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.”

Toronto-based cyber security lawyer Imran Ahmad told Reuters that a maximum sentence could see Bloom jailed for five to 10 years.

The RCMP also said Bloom was the only operator of LeakedSource and that the investigation was now closed.

However, Ahmad said he suspected Bloom was probably working with others and the money collected was likely to be part of a bigger haul.

“Cyber criminals typically have an underground network of collaborators and, given the size of the database and scope of the endeavour, I suspect others were involved,” he said.

Bloom remains in police custody and is expected to reappear in court on 16 February. ............................................................................. ...............................................................................................

Read more on Hackers and cybercrime prevention