Ukraine Investigates Teen Suspected of Breaching 30,000 Customer Accounts at California Online Retailer via Infostealers
- Massive Data Compromise: An international cybercrime operation breached nearly 30,000 customer accounts at a California-based online retailer.
- Significant Financial Impact: Threat actors executed $721,000 in unauthorized purchases, resulting in over $250,000 in total operational losses.
- Suspect Infrastructure Takedown: Ukrainian authorities identified an 18-year-old Odesa resident managing the stolen data and cryptocurrency transactions.
Ukrainian authorities have identified an 18-year-old suspect, a resident of Odesa, who is allegedly linked to a sophisticated international cybercrime operation that compromised nearly 30,000 customer accounts using infostealers, specifically targeting users of an unnamed California-based online retailer.
Infostealer Malware and Financial Losses
Officials reported that between 2024 and 2025, threat actors used at least 5,800 compromised accounts to make unauthorized purchases totaling approximately $721,000. These fraudulent transactions resulted in more than $250,000 in direct losses, including chargeback costs.
To execute this campaign, the unnamed hacker group(s) deployed infostealer malware to harvest login credentials and session data from infected devices.
Once exfiltrated, the stolen information was processed and subsequently sold across various online platforms and Telegram bots.
Investigators allege the individual managed the underlying network infrastructure used for “processing, selling, and using stolen session data.” Furthermore, the suspect relied on cryptocurrency services for financial transactions with alleged accomplices.
Odesa Raid and Infrastructure Seizure
The investigation commenced after U.S. authorities notified their Ukrainian counterparts that hackers operating from the Eastern European country were potentially orchestrating targeted attacks against American e-commerce platforms, according to statements from Ukraine's Prosecutor General cited by Recorded News.
Ukrainian authorities conducted targeted searches at two residences associated with the suspect, seizing mobile phones, computers, bank cards, and electronic storage devices. They also recovered credentials for platforms used to distribute the stolen data, compromised user email accounts, server activity logs, and critical cryptocurrency exchange account information.
Last month, Rituals Cosmetics announced a data breach targeting global membership records, and Zara parent company Inditex reported a third-party data breach affecting the transactions database.
A February report said infostealers had evolved to target AI agents and OpenClaw configurations. January reports said infostealer logs were also used in a credential stuffing attack targeting PcComponentes.
In December 2025, three Ukrainian hackers were arrested in Warsaw on charges of national defense threats.












