Dozens Arrested for Buying Breached Data on the Dark Web
- By Dawna M. Roberts
- Published: Dec 30, 2020
- Last Updated: Mar 18, 2022
Various data breaches have taken place across the globe in recent years, and millions of people’s personal information are available online and at risk of identity theft. Recently, the police arrested 21 UK citizens for buying some of that breached data.
What Happened?
WeLeakInfo[.]com is an online marketplace that was used to sell data breach spoils. It has since been shut down; however, in a major bust, the police have arrested 21 people in the UK for purchasing information from this website. The information (including login credentials and email accounts) came from other data breaches from online sources.
According to The Hacker News, the UK National Crime Agency (NCA) commented that the buyers used the stolen credentials to commit fraud and other cyber attacks.
Those arrested were 21 (all) men ages 18-38. The Hacker News said, “Nine have been detained on suspicion of Computer Misuse Act offences, nine for Fraud offences, and three are under investigation for both. The NCA also seized over £41,000 in bitcoin from the arrested individuals.”
In their statement, the NCA reported that some of the customers of WeLeakInfo also purchased remote access Trojans (RAT) and other resources for cybercrime. Three of them also were indicted on child pornography charges and were in possession of indecent images of kids.
WeLeakInfo’s Demise
In January 2020, during a joint effort between the Federal Bureau of Investigations (FBI), the NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland worked together to seize the domain and shut down the online data breach marketplace.
Previously the service worked using a database search where users could look for and purchase information obtained in more than 10,000 data breaches. The site claimed to have more than 12 billion records, mostly credentials with names, email addresses, usernames, phone numbers, and plain text passwords. The site was a gold mine for identity thieves and fraudsters looking to scam innocent victims. They operated through subscription plans paid via cryptocurrency, and The Hacker News stated that their pricing structure included unlimited searches for “($2), one week ($7), one month ($25), or three months ($70).”
Security experts theorize that the cheap price allowed budding hackers to get their start with credential stuffing and on the road to bigger things. Two dollars is a small price to pay for a ton of victims’ credentials that could lead to a much larger bounty.
Shortly after the website shut down, two 22-year old men were arrested and charged with running the website. One was from the Netherlands and the other from Northern Ireland.
Password Security to Stop Credential Stuffing
One of the reasons this service was so successful was that so many people reuse passwords on multiple websites. The Hacker News warned that:
“Cybercriminals rely on the fact that people duplicate passwords on multiple sites, and data breaches create the opportunity for fraudsters to exploit that,” NCA’s Paul Creffield said. “Password hygiene is, therefore, extremely important.”
Other password tips to stay safe from hackers and cybercriminals:
- Never reuse passwords on the same website.
- Use a really strong password with a combination of numbers, letters (both upper and lower case), and symbols. Passphrases are best.
- Don’t ever share your login credentials with anyone, especially when asked to do so in an email or via phone.
- Never click on a link in an email or download an attachment.
- Invest in a password vault, so you only have to remember one strong password and let the tool generate the rest.
- Change passwords every few months.
