Posted on 28 January, 2020US Federal and European law-enforcement agencies last week seized the domain of WeLeakInfo.com, an online site that allegedly held and sold access to 12 billion stolen records from 10,000 data breaches.
The now-shuttered site’s data included names, email addresses, usernames, phone numbers, and passwords for online accounts. It is thought that financial data including bank and credit card information was also available, as well as passwords to payment sites like PayPal.
WeLeakInfo.com billed itself as a site where people could find out if their passwords had been compromised, but in reality it was a marketplace for identity fraudsters looking to bolster their false personas.
The website sold subscriptions for as little as $2 per day so that any paying user could access the information gleaned from some of the most well-known data breaches. A subscription to the site provided unlimited searches and access during the subscription period (one day, one week, one month, or three months).
Whilst the site was shut down by the FBI the National Crime Agency in the UK began investigating WeLeakInfo.com last August. Credentials linked to WeLeakInfo.com are known to have been used in cyberattacks in the U.K., Germany, and the U.S.
So far the joint US and European task force has arrested two 22-year-old men in connection with the site, one in Fintona, Northern Ireland, and the other in Arnhem, Netherlands. The two suspects allegedly made profits in excess of £200,000 from the site.
Unfortunately www.weleakinfo.com is just one example of such sites offering access to personal data. It is therefore unsurprising that identity fraud is now one of the fastest growing crimes. It is now such a problem that it has been cited by WEF in its annual Global Risks Report.
It is becoming increasingly important that organisations not only find more secure ways to protect their customers’ personal information but also implement processes to recognise and identify fraudulent purchases. Only by taking a two pronged approach can identity fraud be reduced.