Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.
For as little as $2 per day, anyone could search the controversial website’s database of records and in many instances extract names, email addresses, phone numbers, and passwords. These passwords could then be used by unscrupulous hackers to break into other accounts where users had made the mistake of reusing the same credentials.
With the seizure of the WeLeakInfo.com domain, the website’s operations are effectively suspended.
Visitors to the WeLeakInfo.com website are now greeted by a message from the various law enforcement agencies who have been investigating the website’s activities.
A 22-year-old man was arrested by police on Wednesday in Fintona, County Tyrone, Northern Ireland, in connection with the website, and another 22-year-old male has been arrested by East Netherland Cyber Crime Unit (Politie) in Arnhem.
According to an NCA press release, the two individuals are suspected by police of having made profits in excess of £200,000 from the site.
Prosecutors are likely to argue that those behind the website were profiting from the unlawful sale of stolen data, and assisting third-parties in also accessing sensitive details.
It’s important to recognise that there is a clear difference between the likes of WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.
WeLeakInfo allowed anyone to scoop up the passwords of those involved in a data breach, meaning they could be used in future security breaches.
HaveIBeenPwned, on the other hand, doesn’t store or share anybody’s password – instead the service, which I heartily recommend individuals and organisations sign up for, informs you if your email address has been included in a data breach. And that’s it. The onus is then on you to take steps to protect yourself (which may mean resetting passwords, and ensuring that you are not using the password you use on the hacked website anywhere else).
Authorities say they continue to investigate WeLeakInfo, and one can’t help but wonder if there will be more arrests if the site’s customer details are extracted from the seized infrastructure.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.