Home News Ukraine Police Busts “Megabreach” Cybercriminal, Sanix

Ukraine Police Busts “Megabreach” Cybercriminal, Sanix


The Security Service of Ukraine (SBU) identified and detained a cybercriminal known by the name of Sanix, who is reportedly the face behind the “Megabreach,” which took place early last year. This operation was carried out jointly with the cyber police and the National Police investigators of Ukraine under the procedural guidance of the Prosecutor’s Office. The authorities additionally found two terabytes worth stolen data during the raid.

The “Megabreach” Cybercriminal

In early 2019, Sanix announced the sale of a database consisting of nearly 773  million email addresses and 21,000 unique passwords. This was big news at the time as the data set, which he put on sale, was probably the largest stolen data set in recent history. However, a popular cybersecurity researcher and writer Brian Krebs on his blog said that although the stolen data set seemed to be large,  as it was possibly collected from previously executed data breaches.

SBU said that they recovered an 87 GB database, which was only a small fraction of the actual misappropriated data. Sanix at least had seven other such databases consisting of stolen and broken passwords, which amounted to almost a terabyte and included personal and financial data of citizens from the European Union and North America. SBU also confirmed that Sanix sold “databases with logins and passwords to e-mail boxes, PIN numbers to bank cards, BTC e-wallets, PayPal accounts, as well as information about computers broken for further use in botnets and DDoS attacks.”

The evidence of his illegal activities was also collected during the raid as the authorities confiscated his computers and mobile phones used in the cybercriminal acts. Additionally, hard cash worth UAH 190,000 (approximately US$7,308) and more than $3,000 earned from these acts were also recovered. Owing to this evidence, under Part 2 Art.361, Part 1 Art.361-2 of the Criminal Code of Ukraine, Sanix will now undergo a trial for unauthorized interference with computers and unauthorized sale or dissemination of restricted computer-stored information.