WeLeakInfo gets pwned by FBI; Dutch, Irish police arrest alleged breach brokers, Ars Technica

Search Seizure –

Site aggregated billion billion usernames and passwords from over 11, breaches.

Sean Gallagher –Jan (****************************************************************, ********************************************** 4: 42 pm UTC

********************

/The seizure notice for WeLeakInfo even included the site’s logo. Fancy.

********************** On Wednesday, police in the Netherlands and Northern Ireland arrested two – year-old men believed to be connected to WeLeakInfo, a site offering usernames and passwords from multiple data breaches for sale . At the same time, the Federal Bureau of Investigation, in coordination with the UK’s National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland, took down the domain for the site, redirecting it to a seizure notice (shown above).

At first, some thought the takedown was simply a breach of the site itself — mostly because the FBI took the time to add the site’s logo to the takedown notice.

There’s a mess happening over at We Leak Info since yesterday. It looks like they got hacked, and someone threw up an FBI seizure page. The seizure notice doesn’t look legit.

… Not a good look for them …

https://t.co/XGGIRaJKQk# WeLeakInfo**************************** (# WLI) ******************************** pic.twitter.com/SUzaAQD8Pd(***********

– Cypher (@CryptoCypher) (January) ****************************************************************, ************************************************

But on Thursday afternoon, the Justice DepartmentAnnounced the takedownand put out a call for further information on WeLeakInfo and its operators. WeLeakInfo claimed to have over (billion usernames and passwords from a collection of over, data breaches. Originally hosted at a Canadian hosting company data center when set up in 2020, the domain was moved behind Cloudflare a day later. The site, originally advertised as “the most extensive private database search engine,” purported to be a legitimate tool for companies to perform security research — even claiming to offer an application interface for performing bulk checks for breaches of company accounts.

Enlarge/How WeLeakInfo looked before the takedown.

(********************

But the site was alleged to be selling more than just breach warnings. In an announcement of the seizure of the domain posted Thursday by the US Justice Department, the DOJ alleged that WeLeakInfo allowed its users to access “a search engine to review and obtain the personal information illegally obtained in over (***********************************************************************, (data breaches containing over billion billion indexed records — including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts. ” The site’s subscription plans allowed users unlimited access to the data.

While the domain has been seized and computers connected to its operation were confiscated by Dutch police, the fate of the site’s server remains unknown.