- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- 4 Security Controls Keeping Up with the Evolution of IT Environments
- ICO Warns of Festive Mobile Phone Privacy Snafu
Marketplace Selling Stolen Credentials Is Dismantled
An online marketplace offering millions of allegedly stolen online account login credentials for sale has been taken down in a coordinated international operation.
Law enforcement agencies in Germany, the Netherlands, Romania, and the United States worked together to disrupt and dismantle the infrastructure of the store named Slilpp.
According to a seizure warrant affidavit unsealed on June 10, the Slilpp marketplace pedaled stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, for nearly a decade.
The affidavit states that since 2012, the Slilpp marketplace has been providing a forum and payment mechanism that allowed vendors to sell, and customers to buy, illegally obtained login credentials.
Buyers later used the login credentials they had purchased through Slilpp to conduct unauthorized transactions such as wire transfers from the related accounts, according to the affidavit.
To date, over a dozen individuals have been charged or arrested by United States law enforcement in connection with the Slilpp marketplace.
A series of servers that hosted the Slilpp marketplace infrastructure and its various domain names were identified and seized by the Federal Bureau of Investigation and its partners working in foreign law enforcement overseas.
At the time of the seizure and subsequent disruption of the marketplace, the affidavit alleges, stolen account login credentials for more than 1,400 account providers were available for sale on Slilpp.
The full impact of Slilpp has not yet been determined. Based on existing victim reports, the affidavit states, stolen login credentials sold via the marketplace have been exploited to cause losses in excess of $200m in the United States alone.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” said Acting Assistant Attorney General Nicholas McQuaid of the Justice Department’s Criminal Division.
“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”