FBI Took Control of ‘WeLeakInfo.com’ Leaked Credentials Database

• 'WeLeakInfo.com' is now seized by the authorities following a coordinated law enforcement action.
• The website was selling people's sensitive data to users who subscribed to the service.
• There are other similar platforms out there that are now receiving an influx of new users.

The FBI has seized one of the most popular and widely used leaked credentials databases, ‘weleakinfo.com’. Visitors of the website will now get the following message of seizure, as a result of a warrant issued by the U.S. District Court of Columbia, and in collaboration with the NCA, and the police forces of Germany, the Netherlands, and Northern Ireland. The reason for the seizure according to the relevant announcement was the fact that the site was selling leaked personal data and account credentials, similarly to what darknet marketplaces are doing.

WeLeakInfo.com was offering 12 billion records deriving from over 10000 data breaches, including full names, email addresses, usernames, account passwords, and phone numbers. For anyone who would like to access this trove of data, a paid subscription would be enough to open the door to the PII depot. The platform offered four subscription tiers. The first was the “Trial”, costing $2 and allowing 24 hours of access to the database. The second one was the “Simple”, which cost $7 and raised the access period to one week. Then, there was the “Pro” package which bought people a full month of access for $25. Finally, there was also the “Elite” package aimed at "serious" actors who paid $70 for three months of access.

Obviously, users were paying the above amounts because they aimed to use the data to take over other people’s accounts, extort them, indulge in credential stuffing, phishing, and generic scamming. So, it’s like investing a small amount to make more money through exploiting other people. This is unacceptable for the FBI and in the opposite direction of what other leak information services like ‘HaveIBeenPwned’ are doing. The admins of ‘weleakinfo.com’ didn’t realize the seizure immediately, and they posted on Twitter saying that they are investigating the issue.

[status] Investigating: We are currently investigating this issue. https://t.co/9vzK4O49gw

— We Leak Info (@weleakinfo) January 15, 2020

However, this isn’t stopping the particular community from continuing its unethical job. Other similar websites like the 'Leak – Lookup', 'Snusbase', 'DeHashed', and 'Leakedsource' continue with their “business as usual”. They are even reporting an influx in traffic which should be a natural result of one big database closing down.

Due to the recent influx of traffic, we've had to perform maintenance on our cluster. Everything should be operational within the hour.

— Leak - Lookup (@LeakLookup) January 17, 2020

Could these websites enter the FBI’s crosshair next? Possibly, but it would be very hard to seize them all. There are websites doing the same on the onion domain space (Tor network), and of course, there are numerous marketplaces of this type on the dark web. Thus, this latest seizure is more of a statement from law enforcement rather than an action that will have any tangible results in the long run.