Law enforcement has seized one of the largest marketplaces for selling stolen account credentials.
The website’s infrastructure has been taken over by the police, according to the US Department of Justice (DoJ).
A seizure warrant affidavit unsealed on Thursday outlined Slilpp’s past activities. In operation since at least 2012, the marketplace — with domains on both the clear and dark web — offered stolen credentials for services including PayPal, Wells Fargo, Amazon, Chase, Capital One, and more.
These included usernames and passwords, mobile phone accounts, and e-commerce accounts.
The DoJ says that over 80 million credentials were available for purchase from over 1,400 victim organizations worldwide.
Law enforcement from the US, Germany, the Netherlands, and Romania was involved in the confiscation of servers supporting the platform’s infrastructure and various domain names.
Slilpp buyers would allegedly use these credentials to perform banking theft and fraud, such as wire transfers from victims to accounts owned by them.
“To date, over a dozen individuals have been charged or arrested by US law enforcement in connection with the Slilpp marketplace,” the DoJ says.
According to Acting Assistant Attorney General Nicholas McQuaid, Slilpp allegedly caused “hundreds of millions of dollars in losses to victims worldwide” — and at least $200,000 in losses in the US alone. However, the “full extent” of the marketplace’s role in the credential theft economy is “not known.”
“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located,” McQuaid commented.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0