Joseph Cox reports:
Hackers break into websites, steal information, and then publish that data all the time, with other hackers or scammers then using it for their own ends. But breached data now has another customer: law enforcement.
[…]
The sale highlights a somewhat novel use of breached data, and signals how data ordinarily associated with the commercial sector can be repurposed by law enforcement too. But it also raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. By buying products from SpyCloud, law enforcement would also be obtaining access to hacked data on people who are not associated with any crimes—the vast majority of people affected by data breaches are not criminals—and would not need to follow the usual mechanisms of sending a legal request to a company to obtain user data.
Read more on Vice.