- How to Become a Chief Information Officer: CIO Cheat Sheet
- 3 handy upgrades in MacOS 15.1 - especially if AI isn't your thing (like me)
- Your Android device is vulnerable to attack and Google's fix is imminent
- Microsoft's Copilot AI is coming to your Office apps - whether you like it or not
- How to track US election results on your iPhone, iPad or Apple Watch
Marketplace Selling Stolen Credentials Is Dismantled
An online marketplace offering millions of allegedly stolen online account login credentials for sale has been taken down in a coordinated international operation.
Law enforcement agencies in Germany, the Netherlands, Romania, and the United States worked together to disrupt and dismantle the infrastructure of the store named Slilpp.
According to a seizure warrant affidavit unsealed on June 10, the Slilpp marketplace pedaled stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, for nearly a decade.
The affidavit states that since 2012, the Slilpp marketplace has been providing a forum and payment mechanism that allowed vendors to sell, and customers to buy, illegally obtained login credentials.
Buyers later used the login credentials they had purchased through Slilpp to conduct unauthorized transactions such as wire transfers from the related accounts, according to the affidavit.
To date, over a dozen individuals have been charged or arrested by United States law enforcement in connection with the Slilpp marketplace.
A series of servers that hosted the Slilpp marketplace infrastructure and its various domain names were identified and seized by the Federal Bureau of Investigation and its partners working in foreign law enforcement overseas.
At the time of the seizure and subsequent disruption of the marketplace, the affidavit alleges, stolen account login credentials for more than 1,400 account providers were available for sale on Slilpp.
The full impact of Slilpp has not yet been determined. Based on existing victim reports, the affidavit states, stolen login credentials sold via the marketplace have been exploited to cause losses in excess of $200m in the United States alone.
“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” said Acting Assistant Attorney General Nicholas McQuaid of the Justice Department’s Criminal Division.
“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”