Slilpp, the largest marketplace for allegedly stolen online account login credentials, offering over 80 million stolen credentials for over 1,400 victim providers worldwide.
The US Department of Justice (DoJ) has shut down the dark-web marketplace Slilpp, which has been trading stolen username and password combinations.
The Justice Department Taken Down the Infrastructure of Slilpp
“The Justice Department declared its participation in a multinational operation involving actions in the United States, Germany, the Netherlands, and Romania to disrupt and take down the infrastructure of the online marketplace known as Slilpp”.
Operational since 2012, Slilpp marketplace has been selling stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts.
The marketplace allowed vendors to sell, and customers to buy, stolen login credentials by providing the forum and payment mechanism for such transactions; Slilpp buyers consequently used those login credentials to carry out unauthorized transactions such as wire transfers from the related accounts, according to the Affidavit.
So far, the report says more than a dozen individuals have been charged or arrested by U.S. law enforcement in association with the Slilpp marketplace.
The FBI, working with foreign law enforcement agencies in Germany, the Netherlands, and Romania, identified and seized control of a series of servers that hosted Slilpp’s infrastructure and various domains.
Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division mentions that “The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims”.
It is said that there are more than 1,400 account providers available for sale on the Slilpp marketplace. Based on the small number of existing victim reports, the stolen login credentials sold over Slilpp have been used to cause over $200 million in losses in the United States. The full impact of Slilpp is not yet known.
“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”, Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department.
“The FBI and the international partners sent a clear message to those who, as alleged, would steal and traffic in stolen identities: we will not allow cyber threats to go unchecked,” said Acting U.S. Attorney Channing D. Phillips of the District of Columbia.
Therefore, Slilpp is the third marketplace to be taken down by the DoJ after xDedic in January 2019 and DEER.IO in January 2021, both of which catered to harvesting and selling login credentials.