NOT for Sale! BlueLeaks 2.0 Hacktivist decides not to sell dataset with sensitive data

Just when I thought I might be done with work for the day, DataBreaches received an email from “Internet Yiff Machine” (IYM), the hacktivist responsible for hacking P3 Global Intel in what has been called the “Blue Leaks 2.0” breach . As most readers know by now, IYM provided a dataset of 8.3 million tips that were supposed to be anonymous and secure to DDoSecrets.org, Straight Arrow News, and DataBreaches.net . On March 24, IYM listed the dataset for sale on a hacking forum for $10,000.00. In emails to DataBreaches, reported previously, they explained that they were in financial straits and really needed the money, even though it had never been their intent to sell it. Although DataBreaches reported that the dataset was up for sale, this site neither linked to the forum listing nor mentioned that IYM also had a second listing offering a search service for the dataset. For $15, they would look up a name in the dataset. For bulk inquiries of 10 or more, the fee would be $100 for 10 searches. Earlier today, DataBreaches emailed IYM a link to our update on our findings so they could see how the data were being used in our publicly reported research. IYM responded later, and their response surprised us: I wanted to let you know that the P3 database has not been sold and will not be sold; it’s been taken off the market. An acquaintance has informed me of some details I wasn’t aware of, as well as an alternate source of funds, far more ethical and aligned with my beliefs. In response to follow-up questions from DataBreaches, IYM replied that they were also removing the lookup search offering but would still retain the data for now. “I’m sure I’ll delete it eventually though,” they added. According to IYM, are five copies in existence that they know about — theirs, DDoSecrets.org’s, Thalen’s, DataBreaches.net’s, and maiw crimew’s. DataBreaches had been unaware that hacktivist maia arson crimew (formerly known as Tillie Kottmann) has a copy of the dataset. IYM informs DataBreaches that it was IYM who did all the hacking, however. DataBreaches had one last question for IYM: what changed their mind about selling the data? They replied: It was a combination of different factors. Yours, and other’s, reporting certainly swayed my position more than it already was from a deviation of ethics. The final straw was an acquaintance informing me that if certain tips among the data got leaked, it could easily and substantially impact the court case of a mutual associate. “I’m glad I don’t have to sell the dataset, its truly a relief,” IYM wrote to DataBreaches. It’s a relief to us, too, IYM. DataBreaches has emailed Navigate360 to alert them of IYM’s communication and this post. Related: P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next. Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty Kept in the Dark -- Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden TeamGhostShell posts "master list" of 548 leaks (so far) "I'm Not Pro-Russia and I'm Not a Terrorist!" —- InfraGard and Airbus Hacker “USDoD” Unveils His New Campaigns Category: Commentaries and Analyses Hack Of Note