WeLeakInfo was seized last year for selling user records leaked by hackers in hundreds of data breaches.
The UK National Crime Agency (NCA) has arrested 21 individuals, all males aged 18 and 38, during a nationwide cyber operation targeting a now-defunct online service- WeLeakInfo com.
The arrested individuals have been captured from across the UK and were customers of the website. WeLeakInfo offered access to data stolen from hacked websites.
According to authorities, the arrested suspects were involved in purchasing stolen credentials, which they used to commit a range of cybercrimes and frauds.
Nine out of the 21 arrested people were detained on suspicion of possible breach of the Computer Misuse Act, nine for Fraud-related offenses, and three were arrested for both. The NCA seized more than £41,000 in bitcoin from the suspects.
21 people have been arrested in a nationwide cyber crime crackdown targeting customers of an online criminal marketplace that advertised stolen personal credentials.
— National Crime Agency (NCA) (@NCA_UK) December 25, 2020
About WeLeakInfo com
The service was launched in 2017 to offer its customers a platform where they could access stolen data. It provided a search engine where the site visitors could find data obtained illegally from more than 10,000 data breaches worldwide.
It contained around 12 billion indexed stolen credentials, including names, usernames, email IDs, phone numbers, and passwords of online accounts. Additionally, the service offers several subscription plans offering unlimited searches and full access to the data breaches during the subscription period.
A range of plans was offered starting from $2, which provided full access to stolen data for a day, to one week for $7, one month for $25, and three months for $70. This made the website accessible to everyone, from novice hackers to apprentice-type cybercriminals.
Joint Operation Against WeLeakInfo
In January 2020, law enforcement agencies from across the globe collaborated in a joint operation against WeLeakInfo. The agencies participating in the operation included the FBI, the NCA, the German Bundeskriminalamt, the Netherlands National Police Corps, and the Police Service of Northern Ireland. The authorities jointly seized the domains of the controversial service. The operation ran for five weeks.
Apart from purchasing the stolen data, some of the arrested individuals also purchased cybercrime tools as well, including crypters and RATs (remote access trojans), explained the NCA. Three individuals owned indecent images of minors.
In a press release, Paul Creffield from the NCA’s National Cyber Crime Unit stated that:
“Cyber criminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that. Password hygiene is therefore extremely important.”