Skip to main content

Exclusive Expose. Hacker Who Sold LinkedIn, Dropbox Databases Revealed.

Tessa88 russian hacker.

The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation.

In early 2016, a hacker with pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social media websites in the world, including LinkedIn, MySpace, VKontakte (vk.com), Dropbox, Rambler, and Twitter, for sale in various underground hacking forums.
The stolen data, taken years ago from several social media sites, included more than half a billion username and password combinations, which were then used in phishing, account takeover, and other cyber attacks.

Though Tessa88's profile was active for a few months between February and May 2016, the OPSEC analysis revealed that the same person was involved in various cybercriminal activities since as early as 2012 under different aliases including "Paranoy777," "tarakan72511," "stervasgoa," "janer93" and "Daykalif."
Unmasking "Tessa88"
Russian Hacker Maksim Vladimirovich Donakov
Researchers with US-based threat intelligence firm Recorded Future's Insikt Group used a combination of their own data, dark web activity, multiple chats and email accounts associated with Tessa88 to find a connection between his other online aliases, and collected information from publicly available sources to unveil his true identity.
Tarakan72511 → Tessa88 → Donakov
Researchers identified an online account "tarakan72511" on Imgur, a popular online image sharing service, who posted screenshots of discussions regarding the Yahoo and Equifax breaches. On the same account Tarakan72511 also posted his real picture titled "tessa88" in 2017, which links Donakov with tarakan72511 and tessa88.
Tessa88 → Donakov with Guy Fawkes mask
Another member of an underground forum, TraX, shared a photo of Tessa88, showing a man on the car roof with his face hidden behind Guy Fawkes mask, whose body type and hairstyle resemble with the picture of Tessa88 posted by tarakan72511.
Tarakan72511 → Russian Car with Guy Fawkes mask → Tessa88
Researchers also identified a YouTube account with a similar username—Tarakan72511 Donakov—who posted a video showing someone feeding stray dogs. The video also revealed a style Guy Fawkes mask (same as worn in the picture posted by TraX) in the boot of a Mitsubishi Lancer car with the registration number K652BO 58.
All Evidences Leads to Maksim Vladimirovich Donakov
Russian Hacker Tessa88 Maksim Vladimirovich Donakov
After exploring several confidential sources, Penza records, and Russian crime database, researchers find Tessa88 as Maksim Vladimirovich Donakov (date of birth: 02/07/1989), whose persona matches with the YouTube username 'Donakov,' Mitsubishi Lancer and person revealed in Imgur picture.

Maksim Vladimirovich Donakov committed several crimes in Russia, including a car accident while driving a Mitsubishi Lancer in 2017. He also served jail time after committing another crime in 2014.
After the comprehensive investigation, Recorded Future, with a "high degree of confidence, concluded that Donakov is the man behind the sale of the extensive databases, including 32 million Twitter accounts, 360 million Myspace credentials, and 500 million Yahoo accounts.
It is also believed that Donakov have sold data stolen from VKontakte (vk.com), Mobango, Badoo, QIP, and Rambler on various underground forums.
At the time of a series of so-called 'mega breaches' in 2016, another online alias that came up was Peace_of_Mind — a separate hacker who was seen selling 117 Million LinkedIn emails and passwords and 200 million Yahoo accounts in 2016 on the currently defunct TheRealDeal Market.
According to Recorded Future, Tessa88 and Peace_of_Mind made an agreement in May 2016 on sharing some of the stolen databases in a "likely attempt to expedite monetizing the massive amount of data between the two."
The LinkedIn breach resulted in the arrest of Russian national Yevgeniy Nikulin (Евгений Никулин) in October 2016 by the FBI in the Czech Republic, who was later extradited to the United States. However, until today, no clear evidence links Nikulin to Peace_of_Mind.
It should be noted that neither Tessa88 nor Peace_of_Mind was the actual hacker who breached the aforementioned companies. Both were involved in the selling of the already stolen databases, but not in performing the actual hacks, though the exact methods used to steal the databases are also unknown.
Recorded Future hopes that the upcoming criminal case of Nikulin, who is now also a person of "great interest" in the US probe of Russia's meddling in the US presidential election, will shed some light on the gaps in the story.

Comments

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed

How to Host a Website for Free From Your PC or Laptop.

Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c...

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.