Connect with us

Hi, what are you looking for?



FBI Takes Down Site Selling Subscriptions to Stolen Data

WeLeakInfo Website Taken Down in International Law Enforcement Operation

WeLeakInfo Website Taken Down in International Law Enforcement Operation

WeLeakInfo(.)com, a website that sold stolen personal data to subscribers, has been seized by the FBI in an action supported by the UK’s National Crime Agency, the Dutch National Police Corp, the German Bundeskriminalamt, and the Police Service of Northern Ireland.

The site advertised itself as something similar to Troy Hunt’s ‘haveibeenpwned’ service: “Have your passwords been compromised? Find out by searching…” The big differences, however, were that WeLeakInfo provided users with plaintext passwords for other people, and charged their users. For just $2, anybody could make as many WeLeakInfo searches as they wished for a whole day. From there, subscriptions increased to $7 for a week, $25 for a month, and $70 for three months access.

FBI Seizes WeLeakInfo DomainThe searchable data was claimed to be a total of 12 billion records gathered from 10,000 data breeches. Retrieved data could include names, email addresses, usernames, phone numbers, and passwords for online accounts.

Users of the site began to notice problems on Wednesday, commenting on Twitter, for example, “There was a red maintenance sign on the top. I’m thinking maybe they did run into an issue and its bigger than they thought.. or they are all on vacation somewhere lolz.”

But by Thursday this was replaced by a full “This domain has been seized” notice. At the same time, the U.S. Deparmtent of Justice announced, “the seized domain name — — is now in the custody of the federal government, effectively suspending the website’s operation.  Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.” The District Court for the District of Columbia had issued the seizure warrant.

Meanwhile, a 22-year-old man from Arnhem, the Netherlands, and a 22-year-old man from Flintona, Northern Ireland, had been arrested on Wednesday following tips from the UK’s NCA. The NCA announced today, “A website [WeLeakInfo}… has been taken down following an investigation led by the National Crime Agency (NCA), in collaboration with international law enforcement partners.”

The NCA began its investigation in August 2019. Credentials retrieved from the website are known to have been used in subsequent cyber-attacks in the U.S., the UK and Germany. The NCA believes that the two arrested individuals made total profits in excess of £200,000 from the website. “Online payments tracing back to IP address believed to have been used by the two men,” said the NCA in its statement, “point them being heavily involved in the running of the site. NCA officers found evidence of payments being made from these accounts to infrastructure companies in Germany and New Zealand to host its data.”

Advertisement. Scroll to continue reading.

Robert Ramsden-Board, VP EMEA at Securonix, commented, “The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and other nations law enforcement organizations is a critical step towards effectively tackling cybercrime.”

What hasn’t been indicated at this stage is whether the various national authorities involved believe they have secured all copies of the data and code used by the WeLeakInfo site. If not, the service could rapidly reappear elsewhere under a different name. The DOJ statement noticeably states that anybody with information on “or its owners and operators are encouraged to provide that information by filing a complaint.”

Ilia Kolochenko, founder and CEO of ImmuniWeb, commented, “From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims’ sensitive data.”

“ was a useful resource for threat actors,” adds Ramsden-Board. “Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks.”

Kolochenko continued, “Given the purely commercial nature of the project, malicious intent would be easy to prove, forming an irrefutable indictment with severe prison terms on the horizon. The admins would be advised to take experienced criminal defense lawyers and consider negotiating a guilty plea. In any case, this incident serves an unambiguous “tolerance zero” notice to all grey marketplaces.”

Related: Community Project Crushes 100,000 Malware Sites in 10 Months 

Related: Authorities Takedown GozNym Cybercrime Group That Stole Estimated $100M 

Related: International Law Enforcement Operation Targets IM-RAT Malware 

Related: Authorities Take Down Cryptocurrency Mixing Service

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...