Britain’s National Crime Agency announced that 21 individuals have been arrested across the UK on suspicion of purchasing personally identifiable information from the WeLeakInfo website.
The arrests, which took place over five weeks starting in November, are a part of an ongoing investigation, coordinated by the National Crime Agency and cybercrime teams from across the Team Cyber UK network.
WeLeakInfo.com is a data breach notification service that allows its customers to verify whether their credentials have been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches.
“Those targeted were customers of WeLeakInfo, a site that hosted 12 billion stolen credentials from over 10,000 data breaches before it was taken down in January 2020 following an NCA investigation”, reads the announcement published by the NCA.
After the seizure of WeLeakInfo.com, cybercriminals paid for access to the site to download personal data for use in further criminality, including cyber attacks and fraud offences.
The NCA Investigation
As a result of NCA investigation, 21 individuals were arrested, all men aged between 18 to 38, nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both.
The evidence implies that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and crypters.
Furthermore, three individuals are involved with, indecent images of children.
Paul Creffield, from the NCA’s National Cyber Crime Unit, said: “Through the identification of UK customers of WeLeakInfo, we were able to locate and arrest those who we believe have used stolen personal credentials to commit further cyber and fraud offences”.
“The NCA and UK law enforcement take such offences extremely seriously and they can result in a huge financial loss to victims”.
The Data breach notification services are considered as legal since it alerts individuals when their data are exposed in a data breach. The website like WeLeakInfo is a treasure for threat actors that could gather information on their targets before launching a cyber attack.
“Cybercriminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that.”, says NCI. Therefore password hygiene is extremely important.