Security researchers have discovered a tool used by cybercriminals that stores the stolen data of more than 30,000 users.

The Apophis device was found to contain sensitive user information, such as home addresses, phone numbers, and bank account and credit card details, from people based in the UK, US and Canada.

According to experts at Panda Security the details ended up on the file, which is hosted on a remote web server, after thousands of users inputted their details on to unsecured websites. The security researchers now believe those people are at risk of becoming victims of identity fraud.

“This is another example of the need for good security measures that prevents data ending up in the hands of cybercriminals”, says Luis Corrons, technical director of PandaLabs. “We are coming across more and more tools like this, which confirms there is a black market for developing and selling them.”

Fraudsters also use the Apophis device to track the location of infected computers, determine how many are active and to search for stolen data.