21 people have been arrested in the UK as part of an operation against customers of the WeLeakInfo[.]com service that had been previously selling access to data from data breaches.
WeLeakInfo.com was a data breach notification service that was allowing its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches. In early 2020, a joint operation conducted by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain.
After the seizure of the service in January, two men, one in the Netherlands and another in Northern Ireland, were arrested.
“The operation, which ran over the past five weeks, was coordinated by the National Crime Agency and involved cybercrime teams from across the Team Cyber UK network.” reads the announcement published by the UK NCA.
“Those targeted were customers of WeLeakInfo, a site that hosted 12 billion stolen credentials from over 10,000 data breaches before it was taken down in January 2020 following an NCA investigation.”
The suspects arrested by the police used the stolen credentials to commit illegal actions, they are all men aged between 18 and 38.
Nine out of 21 arrested have been detained on suspicion of Computer Misuse Act offences, nine for Fraud offences, and three are under investigation for both.
The NCA seized over £41,000 worth of bitcoin from the suspects.
Some of the subjects that have been arrested also purchased other cybercrime tools, including remote access Trojans (RATs) and crypters.
Three individuals have been found to be in possession of, or involved with, indecent images of children.
Cyber Prevent officers visited other 69 individuals in England, Wales and Northern Ireland aged between 16-40. The police warned them of their potential criminal activity. 60 of those were served with cease and desist notices.
“Through the identification of UK customers of WeLeakInfo, we were able to locate and arrest those who we believe have used stolen personal credentials to commit further cyber and fraud offences.” said Paul Creffield, from the NCA’s National Cyber Crime Unit.
“The NCA and UK law enforcement take such offences extremely seriously and they can result in huge financial loss to victims. We were also able to pin point those on the verge of breaking the law and warn them that should they continue, they could face a criminal conviction. Cyber skills are in huge demand and there are great prospects in the tech industry for those who choose to use their skills legally.”
“Cyber criminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that.”
Data breach notification services is a profitable business, visitors pay a fee to access data exposed in past data breaches. A subscription fee ranges from a $2 trial to a $70 three-month unlimited access account and allows users to search for any data in the archive managed by the companies.
This is quite different from services that only alert individuals when their data are exposed in a data breach and that for this reason are considered legal.
Data breach notification services like WeLeakInfo are a mine for threat actors that could gather information on their targets before launching a cyber attack.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, WeLeakInfo)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.