This week, a joint operation by the FBI, as well as law enforcement officers from Northern Ireland, the Netherlands, Germany and the UK led to the removal of the domain site WeLeakInfo.com. For more than three years, this service has been selling data access to more than 12.5 billion accounts collected from 10,000 different leaks. In fact, for a fee, the site provided access to people's passwords in clear text. Moreover, access itself cost only $ 2 per day.
The site was known and popular in the black market. So, hackers bought access to WeLeakInfo, and then searched in its depths for the name, email address or name of the user they wanted to hack. In response to such requests, the site returned all data associated with this user that had previously leaked from various sources, including passwords, if available. Attackers used such passwords, trying to log in with their help in different user profiles (hoping that the victim reused the same passwords on different sites).
In a press release, the US Department of Justice called on the public to help identify the owners of the site, and a day later the Dutch police arrested A 22-year-old man who appears to be a WeLeakInfo operator.
Let me remind you that this is not the first closed resource of this kind. Earlier in 2017, law enforcement officers also eliminated another “leak aggregator” that traded other people's personal data – LeakedSource. Its authors, Defiant Tech Inc., collected dumps of various data leaks (both from open access and buying them directly from hackers), and then sold access to this gigantic database to everyone. Among the data available on the site were user names, full names, email addresses, mailing addresses, phone numbers, as well as passwords in clear text.
Currently, there are at least three other sites that work in the same way that LeakedSource and WeLeakInfo: sell access to stolen data, including passwords in clear text. These are Dehashed, Snusbase and Leak-Lookup.