Japan – Police Discovered 18 Million Stolen Login Credentials

Japan – The police have found more than 18 million login credentials on a company's server, 90% of which belong to customers of Yahoo Japan.

The Japanese newspaper The Yomiuri Shimbun reported that Tokyo's Metropolitan Police Department arrested the president and a number of employees of the Tokyo-based Nicchu Shinsei Corp in November.

The authorities found more than 18 million login credentials on one of the company's servers; roughly 1.78 million belong to customers of Yahoo Japan (90 percent), Twitter, Facebook, e-commerce company Rakuten and other websites.

In response, Yahoo Japan confirmed that it has reset the passwords of all the affected accounts. The investigators also discovered on the server a hacking tool used to brute-force the targeted accounts, and they confirmed that the company's servers had also been used to conduct illegal money transfers.

Why did the Japanese company store the login credentials?

Nicchu Shinsei Corp allegedly offered its services to Chinese hackers, providing stolen credentials and proxy services. The hackers used the login credentials to invite users to visit fraud websites and to steal reward points earned by victims.

Unfortunately, this isn't the first time that the Japanese police have discovered millions of login credentials belonging to Japanese netizens stored on a server. Last year, law enforcement seized a server containing 8 million stolen credentials; in that case, too, hackers used the machine as a proxy.

The Japanese criminal underground is an online criminal community that is growing significantly, although its underground economy is still highly stealthy.

According to Japan's National Police Agency, cybercriminal activities until March 2015 increased 40% over the previous year. In June 2015, Japan's Pension Service suffered a significant data breach that exposed more than one million users' records.

Researchers consider Japanese cybercriminal rings to be still newbies: because of the nation's strict criminal laws and the severe penalties against such activities, Japanese criminals don't write malware.

The experts noticed that the Japanese cybercrime underground is very active in the illegal buying and selling of counterfeit passports, drugs, weapons, stolen credit card data, phone number databases, hacking advice and child pornography.

Japanese criminals are increasingly targeting bank customers with malware-based attacks. In the last year, security firms detected several threats targeting Japanese users, including Brolux, Rovnix, Neverquest, Tsukuba, and Shifu.

APT groups are another worrying phenomenon threatening Japanese users. Recently the country's critical infrastructure has been targeted by the threat actors behind Operation Dust Storm, while another hacker crew dubbed Blue Termite hacked hundreds of organizations in various industries.

Pierluigi Paganini

(Security Affairs – Japan, malware)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
