Cyber-security firm doxxes hacker who sold MySpace and Dropbox databases in 2016

Recorded Future claims Tessa88's identity is a 29-year-old Russian named Maksim Vladimirovich Donakov.
Written by Catalin Cimpanu, Contributor
Image: Recorded Future

Recorded Future, a US-based cyber-security firm, claims to have uncovered the real world identity of a notorious hacker who, back in 2016, had been behind the sale and proliferation of a slew of user databases from companies such as MySpace, Badoo, Dropbox, LinkedIn, and Twitter, just to name a few.

The hacker's pseudonym is Tessa88, but Recorded Future claims that behind this acronym stands a 29-year-old named Maksim Vladimirovich Donakov (Донаков, Максим Владимирович), from the town of Penza, Russia.

Tessa88 is mostly known for being one of two hackers --together with Peace_of_Mind-- behind the string of so-called "mega breaches" that came to light in 2016.

Some of the databases that Tessa88 advertised online contained user data --and sometimes even passwords-- from companies such as MySpace, Twitter, LinkedIn, Dropbox, Badoo, QIP, Rambler, VKontakte, and Mobango. Peace_of_Mind also sold some of the same databases, but also others, unique to him.

ZDNet: Black Friday 2018 deals: Business Bargain Hunter's top picks | Cyber Monday 2018 deals: Business Bargain Hunter's top picks

But neither Tessa88, nor Peace_of_Mind, were the actual hackers who breached these companies. Both have said in multiple interviews given to news media outlets, including to this reporter, that they only acted as middlemen for a larger group of hackers who performed the actual hacks.

Both middlemen weren't active for long. Researchers spotted the Tessa88 persona active and trying to sell the databases on underground hacking forums and Dark Web marketplaces only between February and May 2016.

But despite Tessa88's limited activity, Recorded Future said today in a report that they've managed to interconnect several online identities to the Tessa88 moniker, and later to Maksim Donakov.

Researchers found YouTube videos, images uploaded on forums and Imgur, and three Odnoklassniki profiles (Russian social network service for classmates) that provided enough clues to identify Maksim Donakov as the person behind Tessa88. The two most important clues included:

Photos of Donakov's face that were uploaded on multiple profiles, interlinking various of Tessa88's alternative nicknames.

A YouTube video showing the car license plate for one of Tessa88's alternate acronym's, which was later linked to a traffic incident, revealing Donakov's real name.

Below is an infographic shared by Recorded Future, detailing their findings.

Image: Recorded Future

As a side note, US prosecutors have already charged, arrested, and extradited to the US a Russian hacker, Yevgeniy Nikulin, who they accused of hacking into Dropbox and LinkedIn, two of the databases that Tessa88 had put up online for sale back in 2016.

Related cyber-security coverage:

Best Black Friday 2018 deals:

Editorial standards