Hey thank you for those links, @frostlike. I still need to read those over again, it’s not an easy read for me as i’m not savvy on these things. I planned on a response once I understood them but I figured I should go ahead and thank you now.
I’m doing searching on this topic (after my first post) looking specifically for legal cases. So far i’ve found one from Canada, on LeakedSource thanks to this blog post by Troy Hunt.
I don’t know the best way to detail the relevant parts (a LinkedIn cease and desist already covered in the Troy Hunt blog, the site going down, the arrest of the owner, the company pleading guilty and charges made) in this post so if you’re interested this has the most detail https://krebsonsecurity.com/2023/07/leakedsource-owner-quit-ashley-madison-a-month-before-2015-hack/ The charges made were trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime.
From the KrebsOnSecurity article
In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com , a service that sold access to billions of passwords and other data exposed in countless data breaches.
The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.
Subsequent press releases from the RCMP about the LeakedSource investigation omitted any mention of Bloom, and referred to the defendant only as Defiant Tech. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty. The RCMP declined to comment for this story.
As to his company’s guilty plea for operating LeakedSource, Bloom maintains that the judge at his preliminary inquiry found that even if everything the Canadian government alleged was true it would not constitute a violation of any law in Canada with respect the charges the RCMP leveled against him, which included unauthorized use of a computer and “mischief to data.”
“In Canada at the lower court level we are allowed to possess stolen information and manipulate our copies of them as we please,” Bloom said. “The judge however decided that a trial was required to determine whether any activities of mine were reckless, as the other qualifier of intentionally criminal didn’t apply. I will note here that nothing I was accused of doing would have been illegal if done in the United States of America according to their District Attorney. +1 for free speech in America vs freedom of expression in Canada.”
“Shortly after their having most of their case thrown out, the Government proposed an offer during a closed door meeting where they would drop all charges against me, provide full and complete personal immunity, and in exchange the Corporation which has since been dissolved would plead guilty,” Bloom continued. “The Corporation would also pay a modest fine.”
No clue if the Linkedin cease and desist from 2016 has connections to what would happen later.
LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud and Abuse Act because it is “illegally copying and displaying LinkedIn members’ information” without their consent.
LeakedSource claims California laws are not applicable to the company because it is based outside the United States. The company also claims it is not making the entire database available for sale. It claims its business model is to sell subscriptions to individuals interested in searching its database collection of publicly available, compromised databases to verify if their credentials have been compromise. Prices start at $0.76 a day with monthly subscriptions also available.