How One ‘Hacker Monitoring Site’ is Actually Making Things Worse

on October 26th, 2016
Data analytics

Collecting data on data breaches and making it available to the public is a good thing, right? Experts say it isn’t, at least in the case of LeakedSource. LeakedSource is a huge online repository of data on stolen databases. According to industry experts, it’s actually making hacking easier. This master list most likely contains your (yes, your) email address, any online accounts related to that email address, and maybe even your passwords. This online stolen-data resource isn’t just useful for data analytics and cyber forensics. It’s also useful for re-victimizing the victims of data breaches.

Where LeakedSource’s Data Comes From

The data comes from numerous high-profile data breaches, most of which you’ve probably already heard about, such as MySpace, Dropbox, LinkedIn, and many others. The site markets itself as a monitoring site for data breaches, and contains many intricate details on the nature of the hacks (both old and new breaches), and does, in fact, alert the media about hacks as they are discovered.

What Hackers are Using LeakedSource For

But this “data analytics” resource also contains some things that might not be exactly legal. For instance, LeakedSource features a search function that allows visitors to look up the information that was actually stolen during a breach. Chances are, this feature is an attractive one to beginner hackers looking for easy access and low-hanging fruit.

LeakedSource offers subscriptions for $2 USD per day. For this fee, any user can enter an email address or user name into the search function and pull up details on what online accounts were created with that email address. Additionally, the service will actually help the subscriber crack the passwords associated with those email addresses and online accounts, which most critics say is data analytics dirty pool.

This little feature has landed LeakedSource on a number of hacking forum groups, including HackForums.net, which news service Reddit called a breeding ground for “script kiddies”. Script kiddies are people who don’t have hacking skills of their own, but instead use computer code or scripts written by someone else to do their dirty business.

What’s Really Going On

Reportedly, one of LeakedSource’s subscribers has offered an $8 e-book on using this resource for hacking, and other subscribers offer their own advice and expertise on using this resource for hacking social medial accounts, dumping a victim’s personal files on the Internet, or other nefarious forms of data analytics.

So far, LeakedSource is declining to comment on the legal status of their website. The service is operated anonymously, and publicly denounces hacking. Yet as early as October of last year, the website had been advertising its services on HackForums.net. LeakedSource neglected to respond to direct questions about those promotional activities. They claim that everything they provide is already available on the internet.

In an email that referenced links to stolen databases that belonged to LinkedIn and MySpace, LeakedSource responded to the media by stating, “Before people start pointing fingers at us, anyone is free to download well over a billion records from the clear web.” The site’s operators claim that they only collect data already stolen by other hackers, usually obtaining their data from the Dark Web or by donation from hackers, who obviously choose to remain anonymous.

It remains to be seen whether or not law enforcement will side with LeakedSource or their rather outspoken and continually growing number of critics.

Staying up on the latest news and trends involving data analytics isn’t easy. Give yourself a much-needed break and follow us on Twitter.