Logins and passwords for about 2.9 million people were found on a computer seized from a 30-year-old man who was arrested in February for allegedly illegally accessing another person’s online account.
The Kanagawa Prefectural Police served a fresh warrant Monday morning for the man, a Chinese national and company employee in Tokyo, over similar charges relating to a law banning unauthorized computer access.
Police also discovered 100 million email addresses on his computer, investigative sources said.
Investigators suspect the man siphoned the information through phishing, or having people type in information on a fake site, or found them on the "dark web," a part of the internet accessible only through specialized anonymity-providing tools. He has denied the charges. There was also a software program to conduct phishing on his computer, according to NHK.
According to the Council for Anti-phishing Japan, a record 960,000 phishing cases were reported in 2022, up about 440,000 cases from 2021.
In February, the man was arrested on suspicion of fraudulently using another person’s account to buy 12 cartons of heated cigarettes worth ¥69,925 at a convenience store in Tokyo’s Edogawa Ward. He is also suspected of illegally accessing another person’s account for Mercari, an online flea market, 12 times between 2021 and 2022.
Police believe the man was the leader of a group — all Chinese nationals between the ages of 19 and 32 — conspiring to gain personal data, according to NHK.
Kanagawa police’s cybercrime division has set up a joint task force over the case with the prefectural police of Iwate, Saitama, Fukuoka, Chiba, Shizuoka, Ibaraki and Yamagata.
The Council for Anti-phishing Japan is calling on people to refrain from clicking website links sent via email, or make sure the website link is legitimate.
Information from Kyodo added