Investigators have found 7.85 million passwords, credit card numbers and other pieces of stolen personal information on an Internet server seized last year from a Tokyo-based firm that provided proxy servers for Chinese users, Tokyo police said Friday.
The inventory totaled 5.06 million items when subtracting duplications, and the server also contained three kinds of hacking tools, the Metropolitan Police Department said.
The police believe the IDs and passwords are being used for cybercrime by a China-based group, having received a report of unauthorized access stemming from use of the data. Analysis is ongoing, the department said.
The data and hacking tools were found on one of 52 servers seized during a raid last November on the office of SUN Techno in Tokyo's Toshima Ward, on suspicion of illegal computer access.
The tools are designed to confirm whether the stored IDs and passwords can be used for specific websites by repeatedly trying to access them. They falsify the IP address identifying the access point, changing it each time.
The server also had about 59,000 sets of usable IDs and passwords sorted by the tools listed, the police said.
SUN Techno's servers have already been found to contain phishing websites aimed at Japanese and South Korean financial institutions and the IDs and passwords of people who bank online in both countries.