US authorities this week seized the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites.
The website provided access to people’s cleartext passwords, allowing hackers to purchase a subscription on the site and gain access to billions of user credentials.
Because of this illegal practice, the website built a reputation in the hacking underground as an excellent source and a place where hackers could perform reconnaissance against their targets.
How hackers used WeLeakInfo
Hackers would buy access to the site, and then search for the name, email, or username of a person they wanted to hack. The site would then return results about all the data breaches where the user’s data was included, including cleartext passwords, if available.
The hacker would take past passwords and attempt to use them against a user’s other online profiles, hoping that the target had re-used passwords on other sites.
The website was dirt cheap, which made it highly accessible even to low-skilled hackers with little funds. For as little as $2 per day, hackers could perform unlimited searches for a user’s data on the site.
Before it had its domain seized two days ago, on January 15, WeLeakInfo claimed on its website to have indexed more than 12 billion user records from more than 10,000 data breaches.
The website was taken down following a joint operation by the FBI and authorities from Northern Ireland, the Netherlands, Germany, and the UK.
In a press release yesterday, the US Department of Justice asked the public for help and tips in identifying the website’s owners. A day later, today, Dutch police arrested a 22-year-old man in Arnhem on suspicion of operating the site.
Other similar websites still remain functional
This is the second major website of this type that has been shut down by US authorities. They previously took down LeakedSource in February 2017.
Currently, there are at least three other websites that operate similarly to LeakedSource and WeLeakInfo, selling access to hacked data, including cleartext passwords. They are Dehashed, Snusbase, and Leak-Lookup. All three are still up at the time of writing.
All these websites have been created on the model of Have I Been Pwned, a website set up by Australian security researcher Troy Hunt.
The difference, however, is that Have I Been Pwned never grants users access to cleartext passwords — not even their own passwords, let alone other people’s passwords.