Search engine for leaked passwords shut down

Police have seized WeLeakInfo.com, an online service that turned selling access to data exposed by breaches into a business.

The site offered subscription-based access to billions of compromised user login credentials, essentially offering a search engine for breached personal data including names, email addresses, phone numbers, IP address, and passwords.

A joint law enforcement action led by the UK’s National Crime Agency (NCA), in collaboration with international law enforcement partners including the FBI and the East Netherlands Cyber Crime Unit (Politie), has led to the seizure of the domain and the arrest of two suspects.

A 22-year-old male was arrested in Fintona, Northern Ireland by the country's police service on suspicion of fraud and serious crime offences before being released on bail, pending further inquiries.

Another man, also 22, was arrested in Vriendin, the Netherlands, by Dutch authorities.

Neither suspect has been named but police allege the duo made £200,000 ($261,000) through the dodgy site they ran together.

The pair became suspects after police traced online payments for hosting and other services linked to the site back to IP addresses used by the two men.

Police also established “links between the purchase of cybercrime tools, such as remote access Trojans (RATs) and cryptors, and weleakinfo.com.”

Robert Ramsden-Board, EMEA vice president at Securonix, commented in a press release: “Weleakinfo.com was a useful resource for threat actors.

“Hackers could perform unlimited searches for exposed data for as little as $2 a day.

“Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks.”

The FBI took ownership of the WeLeakInfo.com domain name and added a notice stating it was seized.

Prior to the takedown, police allege that the site hosted credentials taken from around 10,000 data breaches. The details were used in subsequent cyber-attacks in an unspecified number of cases.

Although WeLeakInfo.com has been taken out of commission, other similar services exist and may well expand to fill the gap in the market occasioned by a rival's takedown.

In a blog post, security industry veteran Graham Cluley explains the difference between WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.

The latter only offers warnings – free of charge – that a person’s email address and associated info has been part of a breach without ever storing or offering access to passwords.


YOU MIGHT ALSO LIKE Massive stolen credit card sale features 1.3 mostly Indian records