Cybercrime , Fraud Management & Cybercrime
Dutch Police Warns Users of Credentials Leak Site
400 Potential WeLeakInfo Patrons Warned of Legal Costs of Criminal WrongdoingHundreds of Dutch patrons of a now-defunct credential marketplace received warnings from the national police in an attempt to prevent potential crimes using illicitly obtained personal identifiable information.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Dutch national police Politie on Tuesday said it has sent letters and emails to 400 "possible customers" of WeLeakInfo, a database and search engine that indexed more than 12 billion personal records. An international law enforcement operation seized its domains in 2020 (see: 'WeLeakInfo' Website Shut Down).
Tuesday's letters from the Dutch police warned the recipients of potential legal repercussions of selling and using personal information for criminal purposes. The measure is intended to prevent WeLeakInfo users from benefiting or engaging in future crimes using personal identifiable information sold through the website, the Dutch police said.
The letter also asks the recipients to appear for a "stop interview," issued as part of the Dutch police's cease-and-desist operations. At the interview, the authorities will probe any potential offenders about their intention behind obtaining personal data from the defunct site and facilitate direct reporting of any crime committed using the data.
"The interview will take place in the coming months," Marèl van Steenbergen, cybercrime communications adviser for the Eastern Netherlands Police Unit, said. "It is aimed at removing users from anonymity and sending a clear signal that criminal offenses committed online are also visible," she told Information Security Media Group.
The recipients of the letter may terminate the interview by producing a legal declaration.
Authorities said WeLeakInfo mainly contained data culled from 10,000 data breaches and mainly sold names, email addresses, usernames, phone numbers and passwords for online accounts to cybercriminals who could buy a subscription for as little as $2 a day to access the data. Investigators found that WeLeakInfo also sold access to malware such as remote access Trojans. In 2020, police arrested two men in Northern Ireland and the Netherlands who had collectively earned $260,000 from operating the site, authorities alleged.
U.S. authorities in June 2022 seized additional WeLeakInfo domains and U.K. police arrested 21 WeLeakInfo operators.