UK Police Arrest 21 WeLeakInfo Users in Major Data Crime Operation
British police have arrested 21 individuals as part of an operation targeting crimes involving stolen data that was traded on WeLeakInfo[.]com. Although the underground marketplace was shut down nearly a year ago, its former subscribers have continued to engage in hacking and fraud, profiting from their previous purchases.
Background on WeLeakInfo
WeLeakInfo launched in 2017 and was taken offline in January 2020 when law enforcement seized its domain. This international operation involved the FBI, the UK’s National Crime Agency (NCA), as well as police from Germany and Northern Ireland.
Subscribers to WeLeakInfo could, for a small fee, search through databases of personal and registration data stolen in various breaches. Since many users still reuse passwords across different sites, downloading ready-made lists from the marketplace allowed criminals to carry out credential stuffing attacks, bypassing the need for time-consuming dictionary attacks. Access to stolen personal information enabled a range of fraudulent schemes.
Scale of the Breach and Arrests
At the time of its shutdown, WeLeakInfo’s databases contained 12 billion records from over 10,000 data breaches. Two operators of the site were arrested in the Netherlands and Northern Ireland shortly after the takedown; their joint Twitter account has been inactive since.
Now, more than 20 male clients of the underground service, aged 18 to 38, have been arrested. They are accused of violating the UK’s Computer Misuse Act and/or committing fraud. During searches, authorities seized over £41,000 in Bitcoin (just over $55,000 at current rates), which was allegedly obtained illegally.
Additional Findings and Ongoing Investigations
According to the NCA, some of those arrested had also purchased remote access trojans and cryptors to conceal malicious code, in addition to stolen data. Evidence of involvement in the distribution of child pornography was found in three cases.
Police also visited another 69 residents of England, Wales, and Northern Ireland suspected of offenses that could lead to criminal prosecution. Sixty of them were served with cease and desist notices for activities that could result in legal action. Authorities plan to conduct further visits in the coming months as part of ongoing cybercrime prevention efforts.