RCMP link Ontario man to LeakedSource.com, home of 3 billion hacked accounts

An Ontario man is accused of running a website infamous for owning and selling billions of stolen identities, including usernames and passwords.

Jordan Evan Bloom, 27, of Thornhill, made his first provincial court appearance in Toronto on Monday on several cybercrime charges.

After more than a year and a half of investigating, Staff Sgt. Maurizio Rosa, a member of the RCMP's national cybercrime investigative team, called Bloom the "middle man" between the dark web and the internet Canadians use every day.

Police allege Bloom bought illicitly obtained identity accounts from the dark web and sold access to them through his website LeakedSource.com. (The dark web or dark net is made up of secret sites that aren't accessible by common search engines and has acted as a haven for illegal sales.)

Officers said LeakedSource.com had a database of approximately three billion personal identity records and associated passwords that could be purchased for a small fee. Rosa said about half of those were usernames and passwords and were gleaned from well-publicized data leaks, like the Ashley Madison hacks.

Police believe Bloom is responsible for administering LeakedSource.com and say he earned about $247,000 from trafficking identity information.

RCMP began investigating when they learned LeakedSource.com was being hosted by servers located in Quebec.

The Canadian side of his website has been shut down since he was arrested Dec. 22, but police believe Russian servers are keeping the site active.

Rosa said the information of some Canadians was on the website and more Canadians could be at risk.

Bloom is charged with:

- Trafficking in identity information.

- Unauthorized use of a computer.

- Mischief to data.

- Possession of property obtained by crime.

The RCMP thanked Dutch police and the FBI for aiding their investigation.

Bloom is due back in court on Feb. 16.