Data from hacked Bulgarian tax office systems now being circulated on hacking forums
Hacked data trader called 'Instakilla' shared download links for around half the compromised data
Download links purporting to offer around half the data from the hack of Bulgaria's National Revenue Agency's (NRA) databases have been shared on hacking forums.
The data was provided by a trader in hacked data by the name of 'Instakilla', who is believed to operate out of Bulgaria, and who has a reputation for sharing purloined data on shady hacking forums.
That's according to ZDNet, which has verified the authenticity of the shared database with local sources. It is the same database that was sent to local reporters last week - 10.7GB in size, it contains 57 folders holding personal and financial information of individuals and businesses.
Meanwhile, the probe into Bulgaria's National Revenue Agency (NRA) database hack has continued.
In a statement, NRA claimed that the attackers only accessed three per cent of the agency's systems. Local media had earlier reported that data of about 70 per cent of the country's population was compromised in the incident.
However, the attacker himself, in an email to local reporters over the weekend, had suggested that the authorities in Bulgaria would seek to cover up the incident, rather than fix their flawed security.
It comes after police arrested a 20-year-old who was, supposedly, a cyber security expert. Kristian Boykov was arrested on Wednesday but later released on bail after downgrading the charges against him.
Prosecutors in the capital Sofia said that investigators tracked one of the stolen files to a user name that had earlier been used by Boykov.
According to the Bulgarian language newspaper Dnevnik, Boykov had illegally accessed and downloaded data from the NRA's systems, but it was not the data that was stolen in the recent hack.
Prosecutors have now dropped the initial charge of computer crime against critical infrastructure against Boykov. He is now charged with committing a crime against the country's information systems. If found guilty, Boykov could be sentenced to a maximum of three years in jail. He has been banned from leaving the country until the investigation is completed.
According to prosecutors, the preliminary investigation suggests that the database hack was conducted from abroad. Bulgarian Interior Minister Mladen Marinov also believes that Russian hackers were likely involved in the breach, as the database was hacked after the Bulgarian government announced its decision to purchase F-16 fighter jets from the US.