Two men were arrested in the Netherlands and Northern Ireland under suspicion of trying to sell 12 billion usernames and passwords online, Dutch police said on Friday.
The website, WeLeakInfo.com, was later shut down by the FBI.
A 22-year-old man was arrested in the eastern Dutch city of Arnhem after police received a tip from a Dutch cybercrime unit working with Britain’s National Crime Agency, the FBI and German police.
A second suspect, also 22, was nabbed in Northern Ireland. Police raided two homes in Arnhem, including that of the suspect, and found professional equipment that allowed him to sell the data via the website “We Leak Info.”
Investigators found their way to the suspects by tracing payments back to an IP address believed to have been used by the two men, according to a statement issued by Britain’s National Crime Agency (NCA).
Stolen data for sale
While there was no specific information about the suspect arrested in Northern Ireland, Dutch police said that the suspect found during the raids in Arnhem is thought to have played a “facilitating role” in the data hacking scheme.
The investigation began in August of last year, and the usernames and passwords offered for sale and were used in cyber attacks in the UK, Germany and the US.
The website purported to offer unlimited access to all data listed on its site for $2 (€1,80) per day, or $25 per month, according to Dutch public broadcaster NOS.
While the site claimed to help users discover if their personal information had been stolen, it actually provided hackers easy access to “information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records,” said the US Department of Justice in a statement.
The NCA said that the stolen credentials were taken from around 10,000 separate data breaches, on popular sites such as LinkedIn and MyFitnessPal. The suspects were also believed to have made over £200,000 (€234,000)($261,000) from data sales on the site.
Since the site was shut down, the homepage displays a disclaimer saying “This domain has been seized” with the logos of several law enforcement organizations.
The post Two arrested after attempt to sell 12 billion passwords appeared first on Deutsche Welle.