Jump to content

WeLeakInfo gets pwned by FBI; Dutch, Irish police arrest alleged breach brokers


Karlston
 Share

Recommended Posts

WeLeakInfo gets pwned by FBI; Dutch, Irish police arrest alleged breach brokers

Site aggregated 12 billion usernames and passwords from over 10,000 breaches.

The seizure notice for WeLeakInfo even included the site's logo. Fancy.
Enlarge / The seizure notice for WeLeakInfo even included the site's logo. Fancy.

On Wednesday, police in the Netherlands and Northern Ireland arrested two 22-year-old men believed to be connected to WeLeakInfo, a site offering usernames and passwords from multiple data breaches for sale. At the same time, the Federal Bureau of Investigation, in coordination with the UK's National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland, took down the domain for the site, redirecting it to a seizure notice (shown above).

 

At first, some thought the takedown was simply a breach of the site itself—mostly because the FBI took the time to add the site's logo to the takedown notice.

 

 

But on Thursday afternoon, the Justice Department announced the takedown and put out a call for further information on WeLeakInfo and its operators. WeLeakInfo claimed to have over 12 billion usernames and passwords from a collection of over 10,000 data breaches. Originally hosted at a Canadian hosting company's data center when set up in 2016, the domain was moved behind Cloudflare a day later. The site, originally advertised as "the most extensive private database search engine," purported to be a legitimate tool for companies to perform security research—even claiming to offer an application interface for performing bulk checks for breaches of company accounts.

How WeLeakInfo looked before the takedown.
Enlarge / How WeLeakInfo looked before the takedown.

But the site was alleged to be selling more than just breach warnings. In an announcement of the seizure of the domain posted Thursday by the US Justice Department, the DOJ alleged that WeLeakInfo allowed its users to access "a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records—including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts." The site's subscription plans allowed users unlimited access to the data.

 

While the domain has been seized and computers connected to its operation were confiscated by Dutch police, the fate of the site's server remains unknown.

 

 

Source: WeLeakInfo gets pwned by FBI; Dutch, Irish police arrest alleged breach brokers (Ars Technica)  

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...