Finjan uncovered a server that contained 1.4GB of private information stolen from thousands of individuals around the world. The company said that the server, which was discovered after analyzing malicious code, was completely open to the public. Anyone that landed on the site could have obtained some or all of the stolen information from over 5300 log files on the server.
Finjan said that data was collected from compromised PCs in various countries including the USA, UK, Germany, France, India, Canada, Turkey, Spain, and The Netherlands. The company discovered that much of the data came from approximately 40 businesses, each of which were notified by Finjan regarding the data breaches.
The server, which also acted as a command and control center for a botnet, had been collecting data for less than a month. During those few weeks banking information, medical records, billing information, private correspondence, login details, and more were stolen and pooled into log files. The company said that the sheer volume of data theft indicates that the level of cybercrime existing today is probably much greater than analysts have projected.
Details of Finjan's discovery are available in the company's "Malicious Page of the Month" report for April 2008.