Defiant Tech Inc., the company behind the LeakedSource.com portal, pleaded guilty this week, according to a press release from the Royal Canadian Mounted Police (RCMP).
The LeakedSource website launched in late 2015 and rose to infamy in 2016. Its operators gathered data from hacked companies, either from the public domain or by buying it from hackers.
LeakedSource provided access to this illegally obtained information via a search form on site, to anyone willing to pay a fee. During its lifetime, it collected information such as usernames, real names, emails, home addresses, phone numbers, and even plaintext passwords.
During 2016 and 2017, the site listed hacked information for over 3.1 billion accounts. High profile companies that had their users' data sold on the site included Twitter, Last.fm, LinkedIn, VK.com, AdultFriendFinder, Mate1, Shadi, Weebly, and others.
Bloom was officially charged in January 2018. This week, his company pleaded guilty to charges of "trafficking in identity information and possession of property obtained by crime."
"We are pleased with this latest development," said Superintendent Mike Maclean, Officer in Charge Criminal Operations of the RCMP National Division. "I am immensely proud of this outcome as combatting cybercrime is an operational priority for us."
Canadian authorities have worked with the FBI and Dutch National Police to track down Bloom, in an investigation codenamed "Project Adoration."
While authorities charged only Bloom and his company DefiantTech in the investigation, there is also evidence to suggest Bloom didn't act alone. An investigation by infosec journalist Brian Krebs claimed that a second suspect, a US man named Jeremy Wade, was also behind the service. He was never charged.
These are the worst hacks, cyberattacks, and data breaches of 2018