An Ontario man faces several criminal charges for allegedly peddling information from an online database containing 1.5 billion usernames and passwords.
The arrest announced Monday by the RCMP provides a glimpse into the murky layers of the so-called dark web — the shadowy, underground corners of the internet — and highlights the perils of staying secure in cyberspace.
The Mounties accuse Jordan Evan Bloom of Thornhill, Ont., of selling stolen personal identities through the website Leakedsource.com, which held a total of some three billion pieces of sensitive data.
Bloom, 27, is charged with offences including trafficking in identity information, unauthorized use of a computer, mischief with data and possession of property obtained by crime.
Bloom allegedly assembled the extensive database through the dark web, where he obtained personal information stolen by hackers in recent years from domains like networking site LinkedIn and extramarital affair hub ashleymadison.com, RCMP Staff Sgt. Maurizio Rosa told a news conference Monday.
Bloom is alleged to have earned about $247,000 by selling data.
“Jordan Bloom essentially acted as a middleman between the dark web and the internet that most of us use every day,” Rosa said.
The police operation began in 2016 when the RCMP learned that Leakedsource.com was being hosted by servers located in Quebec. The site has since been shut down.
Rosa said it is safe to say that several Canadians were affected — he could not provide a precise number — and may still be at risk due to the information being available on line through various dark web sites.
Canadians should know that when they reuse passwords across different websites and for internet-based services, the password — if stolen — could be compromised on an ongoing basis, he said.
He urged people to follow safe cyberpractices discussed on the RCMP website and to report online security violations to the police. “We know that these crimes are underreported and we know that we do not have all the answers to be able to combat these crimes.”
Rosa thanked the Dutch National Police and the U.S. Federal Bureau of Investigation for help on the case.
“Most cybercrimes don’t recognize borders, and this case was no different.”
Jim Bronskill, The Canadian Press