The dump also appears to contain a client database, meaning that anyone who used Freedom Hosting II might be exposed, Monteiro said.
“We’re going to see emails, usernames, all of which can be used by law enforcement for prosecution of people,” he said.
In addition, the dump contains forum posts from users mentioning sex with minors, the sale of hacked internet accounts, and files that reference botnets and online scamming.
Freedom Hosting II was the largest shared hosting service on the dark web, Monteiro said. It was specifically designed for users who wanted anonymous hosting, but who lacked the know-how to set it up, he said.
However, many of the sites hosted by the service were probably small. “I doubt we’ll find any large sites operating child porn,” he said of the data dump.
According to the hacker’s message, Freedom Hosting II was responsible for 10,613 sites. However, the database dump indicates that a vast majority of those sites had only a few dozen or hundreds of user visits.
Troy Hunt, a data breach expert, said in a tweet that he noticed the database dump contained 381,000 email addresses.
“Law enforcement will absolutely have this data, it's very public. It also obviously has many real email addresses in it,” he tweeted.
Privacy researcher Sarah Jamie Lewis has also been researching Freedom Hosting II. In October, she wrote that the service had been hosting sites that sold counterfeit documents and stolen credit card numbers, in addition to those that operated as personal blogs and web forums.
Sign up for CIO Asia eNewsletters.