Connect with us

Hi, what are you looking for?



Authorities Seize Online Marketplace for Stolen Credentials

Law enforcement authorities have seized the domains of an online marketplace for stolen login credentials and other personally identifying information (PII).

Law enforcement authorities have seized the domains of an online marketplace for stolen login credentials and other personally identifying information (PII).

On Tuesday, Portuguese authorities seized a website selling over 5.85 million records of PII, while law enforcement agencies in the US seized four domains associated with the online shop, namely ‘’, ‘’,’, and ‘’.

A federal complaint unsealed on Tuesday charges Nicolai Colesnicov, 36, of the Republic of Moldova, with operating wt1shop to facilitate the selling of stolen credentials and PII.

On the online market, vendors were offering roughly 25,000 scanned driver’s licenses/passports, 1.7 million stolen login credentials for online retailers, the details of 108,000 bank accounts, and roughly 21,800 credit cards.

According to the affidavit accompanying the federal complaint, visitors of the illegal marketplace could purchase the stolen data using Bitcoin. The online market also had a forum that users could access.

An image of the wt1shop database obtained in June 2020 by Dutch law enforcement officials showed that the marketplace had roughly 60,823 registered users, 91 of which were sellers and two were administrators.

The affidavit alleges that, as of June 2020, roughly 2.4 million credentials had been sold on wt1shop, for total proceeds of $4 million.

The sold credentials were for online retailers, financial institutions, PayPal accounts, and email accounts. Other credentials were for remote access to computers, servers, and other devices.

Advertisement. Scroll to continue reading.

In December 2021, the website had over 106,000 users and 94 sellers and offered a total of roughly 5.85 million credentials for sale.

Authorities have traced to Colesnicov Bitcoin sales made on the illegal marketplace, payments made to wt1shop’s webhost, email addresses related to the shop, and associated login information, and have determined that Colesnicov was the operator of wt1shop.

Colesnicov has been charged with conspiracy and trafficking in unauthorized access devices and faces up to 10 years in federal prison.

Related: Russian Operator of Cybercrime Marketplace Indicted in US

Related: Moderator of AlphaBay Dark Web Marketplace Gets 11 Years in Prison

Related: German Police Take Down ‘World’s Largest Darknet Marketplace’

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Check Point Software has appointed Nadav Zafrir as Chief Executive Officer

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

More People On The Move

Expert Insights