Categories: SecurityWorkspace

Two Arrested Over Site Offering 12 Billion Hacked User Records

Two 22-year-old men were arrested in the Netherlands and Northern Ireland for allegedly operating a website that claimed to offer access to a database of some 12 billion hacked user records, including usernames and passwords.

The US federal government confiscated the website’s domain,, and the US Justice Department put out a call for more information on the site and its operators.

The site, which said it indexed records from 10,000 data breaches, claimed to be a legitimate tool allowing users to investigate whether their records had been hacked.

But it offered the data from those breaches to any paying customer, effectively making it a hacking tool in itself, authorities said.

Image credit: US Department of Justice

Leaked data

WeLeakInfo offered unlimited access to its database for as little as $2 (£1.50) per day and even claimed to offer an application interface for performing bulk checks for breaches of company accounts.

The data included names, email addresses, usernames, phone numbers and passwords for online accounts, the Justice Department said.

Police arrested a man in Arnheim, the Netherlands, and another in Northern Ireland, police said.  Two addresses in Arnheim were searched.

“The suspect is involved in possessing and offering stolen usernames and passwords and has a facilitating role when it comes to cybercrime,” Dutch police said, according to a local report.

They said they could not provide more specific details as the investigation is ongoing.

Joint operation

The investigation was carried out jointly by Dutch police, the UK’s National Crime Agency, the FBI, and Germany’s Bundeskriminalamt.

US authorities previously took down a similar site called LeakedSource in 2017.

After confiscating, the US Department of Justice initially posted a takedown notice, leading some observers to believe the site had been hacked.

“It looks like they got hacked, and someone threw up an FBI seizure page,” one user wrote on Twitter last Thursday, adding the notice “doesn’t look legit”.

The DOJ issued its statement on the seizure later that day.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ireland Shuts Down Health IT System After Ransomware Attack

The health service in Ireland has suffered a 'significant ransomware attack' and has shut down…

46 mins ago

Price For Microsoft Surface Duo Slashed In US

Another Microsoft phone failure? Seven months after Redmond's dual screen smartphone device went on sale,…

1 hour ago

NHS Covid-19 App Saved Up To 8,700 Lives, Says Research Paper

NHS contact tracing app used in England and Wales during Coronavirus pandemic saved thousands of…

17 hours ago

Google Cloud, SpaceX Sign Deal For Enterprise Cloud Services

Elon Musk's SpaceX is to deliver Google Cloud services to enterprises at the 'network edge',…

19 hours ago

Google Fined 100 Million Euros By Italian Antitrust Regulator

Stiff penalty imposed by Italian watchdog over Google's alleged decision to restrict access of one…

20 hours ago

Colonial Pipeline Posted Security Job Before Ransomware Attack

Posting for security manager job at Colonial Pipeline was made weeks before devastating ransomware attack…

21 hours ago