Two Arrested Over Site Offering 12 Billion Hacked User Records

SecurityWorkspace
HSBC, security, hacking

Arrests in Netherlands and Northern Ireland as FBI seizes WeLeakInfo.com, which offered index of 10,000 data breaches for as little as £1.50 per day

Two 22-year-old men were arrested in the Netherlands and Northern Ireland for allegedly operating a website that claimed to offer access to a database of some 12 billion hacked user records, including usernames and passwords.

The US federal government confiscated the website’s domain, WeLeakInfo.com, and the US Justice Department put out a call for more information on the site and its operators.

The site, which said it indexed records from 10,000 data breaches, claimed to be a legitimate tool allowing users to investigate whether their records had been hacked.

But it offered the data from those breaches to any paying customer, effectively making it a hacking tool in itself, authorities said.

Image credit: US Department of Justice
Image credit: US Department of Justice

Leaked data

WeLeakInfo offered unlimited access to its database for as little as $2 (£1.50) per day and even claimed to offer an application interface for performing bulk checks for breaches of company accounts.

The data included names, email addresses, usernames, phone numbers and passwords for online accounts, the Justice Department said.

Police arrested a man in Arnheim, the Netherlands, and another in Northern Ireland, police said.  Two addresses in Arnheim were searched.

“The suspect is involved in possessing and offering stolen usernames and passwords and has a facilitating role when it comes to cybercrime,” Dutch police said, according to a local report.

They said they could not provide more specific details as the investigation is ongoing.

Joint operation

The investigation was carried out jointly by Dutch police, the UK’s National Crime Agency, the FBI, and Germany’s Bundeskriminalamt.

US authorities previously took down a similar site called LeakedSource in 2017.

After confiscating WeLeakInfo.com, the US Department of Justice initially posted a takedown notice, leading some observers to believe the site had been hacked.

“It looks like they got hacked, and someone threw up an FBI seizure page,” one user wrote on Twitter last Thursday, adding the notice “doesn’t look legit”.

The DOJ issued its statement on the seizure later that day.

Read also :
Click to read the authors bio  Click to hide the authors bio