Categories: SecurityWorkspace

Two Arrested Over Site Offering 12 Billion Hacked User Records

Two 22-year-old men were arrested in the Netherlands and Northern Ireland for allegedly operating a website that claimed to offer access to a database of some 12 billion hacked user records, including usernames and passwords.

The US federal government confiscated the website’s domain,, and the US Justice Department put out a call for more information on the site and its operators.

The site, which said it indexed records from 10,000 data breaches, claimed to be a legitimate tool allowing users to investigate whether their records had been hacked.

But it offered the data from those breaches to any paying customer, effectively making it a hacking tool in itself, authorities said.

Image credit: US Department of Justice

Leaked data

WeLeakInfo offered unlimited access to its database for as little as $2 (£1.50) per day and even claimed to offer an application interface for performing bulk checks for breaches of company accounts.

The data included names, email addresses, usernames, phone numbers and passwords for online accounts, the Justice Department said.

Police arrested a man in Arnheim, the Netherlands, and another in Northern Ireland, police said.  Two addresses in Arnheim were searched.

“The suspect is involved in possessing and offering stolen usernames and passwords and has a facilitating role when it comes to cybercrime,” Dutch police said, according to a local report.

They said they could not provide more specific details as the investigation is ongoing.

Joint operation

The investigation was carried out jointly by Dutch police, the UK’s National Crime Agency, the FBI, and Germany’s Bundeskriminalamt.

US authorities previously took down a similar site called LeakedSource in 2017.

After confiscating, the US Department of Justice initially posted a takedown notice, leading some observers to believe the site had been hacked.

“It looks like they got hacked, and someone threw up an FBI seizure page,” one user wrote on Twitter last Thursday, adding the notice “doesn’t look legit”.

The DOJ issued its statement on the seizure later that day.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Patient Dies In Germany After Hospital Ransomware Attack

Real world consequence of ransomware attacks. A female patient has died as a result of…

2 hours ago

Tesla Driver Charged For Sleeping As Car Drove At 90mph

Unbelievable! Driver in Canada charged with dangerous driving, after he slept in fully reclined seat…

3 hours ago

ByteDance Majority Stake Puts Oracle-TikTok Deal At Risk – Report

Plan to keep majority stake in TikTok, will hinder White House approval reports suggest, as…

22 hours ago

Nintendo Shuts the Lid On 3DS

Nearly a decade after it first launched, Japanese gaming giant Nintendo discontinues its popular 3DS…

23 hours ago

Aussie Regulator Refuses To Back Down After Facebook News Warning

Blunt warning from Facebook about blocking news sharing down under, receives equally blunt response from…

24 hours ago

Academic Sector Warned Of Cyber Threat By NCSC

Universities and schools are being warned by UK's cyber guardian of threats posed to their…

1 day ago