Following an international operation, the FBI has seized and shut down a website called WeLeakInfo that sold private user data from over 10,000 data breaches. As part of the operation, police in the Netherlands and Northern Ireland arrested two 22-year old believed to be connected to the site.
Meanwhile the FBI, working in coordination with police forces in Europe, took down the domain for the site and redirected it to a seizure notice.
WeLeakInfo claimed to have over 12 billion usernames and passwords siphoned from around 10,300 breaches at various companies and websites. It had organized that information into an easily searchable database, letting users look up someone’s email address to find out what passwords, names, phone numbers and IP addresses were linked. The site offered access to all the info via subscriptions starting at as little as $2.
The site promoted itself as a legitimate way to perform security research, even though it offered phone numbers, IP addresses and other personal info that’s protected by law. (If you want to find out whether your username and password has been stolen, you can go to security expert Troy Hunt’s excellent haveibeenpawned.com site and get the information for free.)
As part of the operation, the FBI is asking people with any information about WeLeakInfo to file a complaint.