Over 18 million user credentials have been found on a server of a Japanese company who let Chinese hackers use it in their attacks.
Japanese police said that between June and November 2015, Chinese hackers used the server of Tokyo company Nicchu Shinsei Corp. to administer attacks on Japanese and international websites. Some of the websites included Yahoo Japan, Facebook, Twitter, Rakuten and others.
In November, Nicchu Shinsei's president and other staff were arrested and indicted.
Credentials for more than 31 web services were found. That includes usernames, passwords, names and birthdates. Police also found an automatic programme that illegally tries to gain website access and confirm if user IDs and passwords are valid.
Each company, for which user credentials were found, has been notified to advise the affected customers and assist them in changing their account passwords.
“We have already taken such measures as changing passwords,” said a spokesperson of Yahoo Japan.
Most victims were users of a popular Chinese chat service that may have been compromised, so Tokyo police have asked Interpol for help in making inquiries at the Chinese company.