In 2019, Defiant Tech Inc., a Canadian company, pleaded guilty to operating LeakedSource.com, a service that sold access to stolen passwords and other data obtained in various data breaches. It has now been revealed that the owner of Defiant Tech, Jordan Evan Bloom, was previously employed as a developer for AshleyMadison.com, a website notorious for facilitating marital infidelity. Bloom resigned from AshleyMadison in June 2015, just one month before hackers stole data on 37 million users. Following his resignation, Bloom launched LeakedSource, a platform that claimed to help hackers break into valuable accounts and portrayed itself as a legitimate business marketing to security firms and professionals.
In January 2018, the Royal Canadian Mounted Police (RCMP) charged Bloom with selling stolen personal identities through LeakedSource.com. He was arrested one month earlier and was found to have made approximately $250,000 selling hacked data, including information from the Ashley Madison breach. However, subsequent press releases from the RCMP referred to the defendant as Defiant Tech, omitting any mention of Bloom’s involvement.
The connection between Bloom and Ashley Madison was brought to light by email messages leaked from the company’s then-CEO Noel Biderman. It was revealed that Bloom was hired as a PHP developer in December 2014, even though Ashley Madison was aware of his involvement in shady online enterprises. Bloom’s recommendation came from Trevor Sykes, the chief technology officer at Ashley Madison’s parent company Avid Life Media. In an email to Biderman, Sykes stated that Bloom had experience in “gold farming,” which involves using large numbers of player accounts in online role-playing games to gain an advantage, often related to making real-world money. Sykes also mentioned Bloom’s involvement in “real money trading,” which involves selling virtual goods in games for real-world currency. Both practices are considered gray market activities and are typically against game company terms of service.
Sykes also highlighted that Bloom had faced challenges with chargebacks and payment processor compliance due to his involvement in RMT. Despite these concerns, Bloom had demonstrated a business and technical strategy to address these issues during his interview. Sykes went on to praise Bloom for his coding skills and his previous experience running his own company in the gaming industry.
Interestingly, a connection was discovered between LeakedSource and a website called Abusewith.us, which was dedicated to hacking email and online gaming accounts. The administrator of Abusewith.us was suspected to be one of the administrators of LeakedSource. While the administrator denied being associated with LeakedSource, it was clear that Bloom was a prolific member of Abusewith.us.
Bloom’s background in IT and programming was also highlighted in an email sent by Ashley Madison’s director of HR. The email mentioned that Bloom had a degree in theoretical physics and had been actively programming since high school. Additionally, Bloom was the proprietor of a high-traffic multiplayer game and developed utilities such as PicTrace, a service that allowed users to gather information about anyone who viewed an image hosted on the platform.
Investigations into Bloom’s online activities revealed further connections. A domain registered to Bloom was found to be associated with a popular RuneScape Private Server (RSPS) game called Near Reality. However, Near Reality was forced to shut down due to a copyright dispute with Jagex, the owner of RuneScape. Bloom was also known to go by the nickname “Agentjags” within the gaming community.
By the beginning of 2016, Bloom had disappeared and was suspected of fleeing to the Caribbean. There were speculations among members of the Near Reality Facebook page, which Bloom was associated with, about his whereabouts. A co-owner of the page mentioned that Bloom was rumored to be hiding in St. Lucia, pursuing his love for scuba diving.
The story of Jordan Evan Bloom and his involvement with Ashley Madison, LeakedSource, and various online gaming platforms is a complex web of connections and questionable activities. The revelations shed light on the underground world of data breaches, hacking, and gray market operations. The case serves as a reminder of the importance of cybersecurity measures and the potential consequences of engaging in illegal or unethical online activities.