Federal and European law-enforcement agencies last week seized the domain of WeLeakInfo.com, an online site that allegedly held 12 billion stolen records from 10,000 data breaches.
The now-shuttered site’s data included names, email addresses, usernames, phone numbers, and passwords for online accounts, according to a news release from the FBI and the U.S. Attorney’s office for the District of Columbia. WeLeakInfo reportedly billed itself as a site where people could find out if their passwords had been compromised, but in reality it apparently was a vast marketplace for fraudsters.
“The Web site sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, or three months),” the release says.
Subscriptions could be purchased for as little as $2 per day, according to the United Kingdom’s National Crime Agency (NCA), which began investigating WeLeakInfo last August. Credentials linked to WeLeakInfo are known to have been used in cyberattacks in the U.K., Germany, and the U.S., the NCA said in its own news release.
It was not immediately clear if the stolen data included bank or credit/debit card information. A spokesperson for the Department of Justice could not be reached Monday. The FBI and DoJ investigated the site along with authorities in the U.K., Netherlands, and Germany.
Authorities last Wednesday arrested two 22-year-old men in connection with the site, one in Fintona, Northern Ireland, and the other in Arnhem, Netherlands. The WeLeakInfo site was seized late that night.
The two suspects allegedly made profits in excess of￡200,000 ($260,000) from the site, according to the NCA. The agency said Internet Protocol addresses believed to have been used by the two men indicated they were “heavily involved” in running the WeLeakInfo site, which reportedly was hosted on infrastructure in Germany and New Zealand.
The NCA also said authorities found links between the site and the sale of cybercrime tools, such as remote access Trojans. In November, British authorities executed 21 search warrants across the U.K. as part of an investigation into cybercrime tools, and several suspects from that probe allegedly had paid for access to WeLeakInfo.com.
The WeLeakInfo suspect from Northern Ireland has been released on bail; information about the Netherlands suspect was not immediately available.