14 DAY TRIAL // Tokyo police announced the discovery of over 18 million user credentials on a server of the Nicchu Shinsei Corp. company, who complicitly allowed Chinese hackers to use it in their attacks, The Japan News reports.
According to Japanese law enforcement, between June and November 2015, the hackers used the server as a relay for attacks on Japanese and international websites, among which were Yahoo Japan, Twitter, Facebook, shopping giant Rakuten, credit card company Mitsubishi UFJ NiCOS Co., and others.
Credentials for over 31 different Web services were discovered, and 1.72 million of them belonged to Yahoo Japan users. Besides usernames and passwords, some data records included information such as names and date of births.
Police arrested Japanese accomplices last November
At the end of November, Tokyo police arrested Nicchu Shinsei President and other staff members, but only two days ago did they reveal details about this case.
Police investigators are saying that the server also contained scripts that would allow the hackers to test which of these username and passwords combinations were valid.
Once the hackers had accessed the accounts, they would then use them to steal or award themselves bonus (reward) points, or to send unwanted advertising or spam to the victim's contacts.
A Chinese chat service could be at the core of the immense user data leak
Local law enforcement has also informed each of the companies for which user credentials were found, and asked each one to notify all of its affected customers and help them change their account passwords.
Additionally, the same server was also used in illegal money transfers that affected ten financial institutions.
Police have revealed that they may have a lead on how the hack of all these accounts happened, saying that most victims had one thing in common, being users of a popular Chinese chat service. Tokyo police have enlisted Interpol's help to make inquiries at the Chinese company.
A possible explanation may be that this service may have been compromised. Since some users have reused passwords on other sites, this allowed the hackers to break into other accounts and create some part of the huge 18-million pool.