Indexeus is a new search engine that indexes user account information acquired from data breaches, including hackers’ accounts stolen in the underground. A new search engine for underground hacking dubbed Indexeus has been launched, it retrieves all the available information on user account acquired from hundreds recently data data breaches. The data collected includes information on malicious hackers stolen recent hack, including Adobe and Yahoo!

The search engine Indexeus was developed by the Portuguese Jason Relinquo, a 23-year-old hacker which has built a searchable archive containing “over 200 million entries”. Relinquo has collected a huge amounts of data related to the accounts used by hackers, including IP addresses, email addresses, usernames, passwords, physical addresses, birthdays and other many other personal information. “This is a service which provides easy access to hundreds of databases, which is very useful if you don’t want to bring your databases around or if you just don’t have any,” “The goal is to make people realize that using the same information all over is stupid and will lead to you getting your information stolen, but also showing you how badly administrators keep your private data stored.” reports the Indexeus website. Almost all the information proposed by the young guy on malicious hackers come from data breaches and hacks of popular hacking forums, it is considerable today the largest database of hackers’ personal information publicly available. The Indexeus search engine also includes data belonging members of hackforums [ dot ] net, the hacking forum attended by script kiddies who are offering and buying different hacking services. Recently another search engine captured the attention of security community, Grams Darknet Market Search Engine, specialized for researches in the underground markets, including BlackBank, C9, Evolution, Mr. Nice Guy, Pandora, The Pirate Market, and SilkRoad2.

The Relinquo’s initial idea is that any hacker that desires to remove its credentials and data from the archive or blacklist himself from the search engine have to pay $1 per record, an economic demand for those wishing to operate in the shadows that will not be accepted willingly. Of course, this is not legal and violates directive like the EU’s “right to be forgotten“. After the popular blog Krebson Security discovered the search engine, Relinquo has changed the terms of service requesting so that users don’t have to pay to remove or completely blacklisted them from the Indexeus.

“We’re going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don’t want to escalate,” Relinquo wrote in a chat session. “If [ Indexeus users] want to keep the logs and pay for the blacklist, it’s an option. We also state that in case of a minor, the removal is immediate.” states the new TOS.

The Indexeus website also seeks to sensitize its members on security issues and how they data are managed by administrators of various web services they access.