How Can the Russian Hacker Tessa88@exploit.im Be Stopped?

The hacker known as Tessa88@exploit.im last month released 117m Linked in passwords and another 487m MySpace passwords. This week the same hacker made available a further 100 million password credentials stolen from Russian social media site VK. He claims to have a further 70 million accounts but is not yet releasing the remainder. The VK details were obtained some time between 2011 and 2013, and would consequently seem to represent almost all VK members at the time. It is likely that this happened while the organization was still headed by founder Pavel Durov. In 2014, under pressure from a Kremlin Internet enforcement effort he sold his shares to the Mail.ru group and left Russia; later founding the encrypted chat app Telegram. At the time of writing, Durov has made no comment about the VK leak on his Twitter account. The hacker is selling the database on the dark web site The real Deal for just 1 bitcoin (currently just under $600). He asked for 5 bitcoins for his LinkedIn dataset – suggesting that criminals would consider LinkedIn users potentially more valuable than VK users. Public news of the leak first appeared on LeakedSource,  a repository of hacked credentials. LeakedSource says that the database was "provided to us by a user who goes by the alias 'Tessa88@exploit.im'" It says nothing about how the hacker might have obtained the details, but just adds, "This data set contains 100,544,934 records. Each record may contain an email address, a first and last name, a location (usually city), a phone number, a visible password, and sometimes a second email address." What will the Tessa88@exploit.im target next? Send your predictions to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/