Security Experts:

Connect with us

Hi, what are you looking for?



FBI Takes Down Site Selling Subscriptions to Stolen Data

WeLeakInfo Website Taken Down in International Law Enforcement Operation

WeLeakInfo Website Taken Down in International Law Enforcement Operation

WeLeakInfo(.)com, a website that sold stolen personal data to subscribers, has been seized by the FBI in an action supported by the UK’s National Crime Agency, the Dutch National Police Corp, the German Bundeskriminalamt, and the Police Service of Northern Ireland.

The site advertised itself as something similar to Troy Hunt’s ‘haveibeenpwned’ service: “Have your passwords been compromised? Find out by searching…” The big differences, however, were that WeLeakInfo provided users with plaintext passwords for other people, and charged their users. For just $2, anybody could make as many WeLeakInfo searches as they wished for a whole day. From there, subscriptions increased to $7 for a week, $25 for a month, and $70 for three months access.

FBI Seizes WeLeakInfo DomainThe searchable data was claimed to be a total of 12 billion records gathered from 10,000 data breeches. Retrieved data could include names, email addresses, usernames, phone numbers, and passwords for online accounts.

Users of the site began to notice problems on Wednesday, commenting on Twitter, for example, “There was a red maintenance sign on the top. I’m thinking maybe they did run into an issue and its bigger than they thought.. or they are all on vacation somewhere lolz.”

But by Thursday this was replaced by a full “This domain has been seized” notice. At the same time, the U.S. Deparmtent of Justice announced, “the seized domain name — — is now in the custody of the federal government, effectively suspending the website’s operation.  Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.” The District Court for the District of Columbia had issued the seizure warrant.

Meanwhile, a 22-year-old man from Arnhem, the Netherlands, and a 22-year-old man from Flintona, Northern Ireland, had been arrested on Wednesday following tips from the UK’s NCA. The NCA announced today, “A website [WeLeakInfo}… has been taken down following an investigation led by the National Crime Agency (NCA), in collaboration with international law enforcement partners.”

The NCA began its investigation in August 2019. Credentials retrieved from the website are known to have been used in subsequent cyber-attacks in the U.S., the UK and Germany. The NCA believes that the two arrested individuals made total profits in excess of £200,000 from the website. “Online payments tracing back to IP address believed to have been used by the two men,” said the NCA in its statement, “point them being heavily involved in the running of the site. NCA officers found evidence of payments being made from these accounts to infrastructure companies in Germany and New Zealand to host its data.”

Robert Ramsden-Board, VP EMEA at Securonix, commented, “The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and other nations law enforcement organizations is a critical step towards effectively tackling cybercrime.”

What hasn’t been indicated at this stage is whether the various national authorities involved believe they have secured all copies of the data and code used by the WeLeakInfo site. If not, the service could rapidly reappear elsewhere under a different name. The DOJ statement noticeably states that anybody with information on “or its owners and operators are encouraged to provide that information by filing a complaint.”

Ilia Kolochenko, founder and CEO of ImmuniWeb, commented, “From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims’ sensitive data.”

“ was a useful resource for threat actors,” adds Ramsden-Board. “Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks.”

Kolochenko continued, “Given the purely commercial nature of the project, malicious intent would be easy to prove, forming an irrefutable indictment with severe prison terms on the horizon. The admins would be advised to take experienced criminal defense lawyers and consider negotiating a guilty plea. In any case, this incident serves an unambiguous “tolerance zero” notice to all grey marketplaces.”

Related: Community Project Crushes 100,000 Malware Sites in 10 Months 

Related: Authorities Takedown GozNym Cybercrime Group That Stole Estimated $100M 

Related: International Law Enforcement Operation Targets IM-RAT Malware 

Related: Authorities Take Down Cryptocurrency Mixing Service

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.