One page on the same server contains a hacking tool that can be used for a variety of other nefarious activity, such as building custom Web pages with exploit code.
The tool, called King IE Exploiter, is an application that can be used to find malicious software that can be incorporated into malicious Web pages, Boyd said. The application has been linked with Trojan horse programs aimed at stealing bank details and other malware that sends spam, he said.
Interestingly, when King IE Exploiter starts running, it lists several user names of hackers, Boyd said. "They're got quite a history for being known for all sort of elaborate scams and attacks," he said.
Those attacks include a worm found two years ago that installed a fake BitTorrent client on targeted computers that distributed large video files.
The users whose data is now circulating on the Internet in this incident could be less protected that other victims of large data breaches. In the US, some states have laws where businesses must contact those affected by a loss of data.
However, user may be unaware how their data is now circulating or is used if it was collected by scammers, Boyd said.
"It is quite worrying," Boyd said. "Obviously, they are quite happily gathering up all of this information."