Cyber Attack

Slilpp – The Largest Marketplace for Stolen Online Account Logins Shutdown

Slilpp, the largest marketplace for allegedly stolen online account login credentials, offering over 80 million stolen credentials for over 1,400 victim providers worldwide.

The US Department of Justice (DoJ) has shut down the dark-web marketplace Slilpp, which has been trading stolen username and password combinations.

The Justice Department Taken Down the Infrastructure of Slilpp

“The Justice Department declared its participation in a multinational operation involving actions in the United States, Germany, the Netherlands, and Romania to disrupt and take down the infrastructure of the online marketplace known as Slilpp”.

Operational since 2012, Slilpp marketplace has been selling stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts.

The marketplace allowed vendors to sell, and customers to buy, stolen login credentials by providing the forum and payment mechanism for such transactions; Slilpp buyers consequently used those login credentials to carry out unauthorized transactions such as wire transfers from the related accounts, according to the Affidavit.

So far, the report says more than a dozen individuals have been charged or arrested by U.S. law enforcement in association with the Slilpp marketplace.

The FBI, working with foreign law enforcement agencies in Germany, the Netherlands, and Romania, identified and seized control of a series of servers that hosted Slilpp’s infrastructure and various domains.

Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division mentions that “The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims”.

It is said that there are more than 1,400 account providers available for sale on the Slilpp marketplace. Based on the small number of existing victim reports, the stolen login credentials sold over Slilpp have been used to cause over $200 million in losses in the United States. The full impact of Slilpp is not yet known.

Slilpp marketplace

“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”, Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department.

“The FBI and the international partners sent a clear message to those who, as alleged, would steal and traffic in stolen identities: we will not allow cyber threats to go unchecked,” said Acting U.S. Attorney Channing D. Phillips of the District of Columbia.

Therefore, Slilpp is the third marketplace to be taken down by the DoJ after xDedic in January 2019 and DEER.IO in January 2021, both of which catered to harvesting and selling login credentials.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Shocking Indictment! Chief Operating Officer (COO) Charged for Hacking into a Medical Center

Latvian Women Charged for her Role in Creating and Deploying Banking Malware Trickbot

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Cisco Warns of Password Spraying Attacks Exploiting VPN Services

Password spraying is a technique hackers often take advantage of because it enables them to…

2 hours ago

GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now

GitLab has announced the release of updated versions for both its Community Edition (CE) and…

2 hours ago

Multiple Splunk Vulnerabilities Attackers Bypass SPL Safeguards : Patch Now

Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk…

7 hours ago

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…

20 hours ago

C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance

In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…

21 hours ago

Apple ID “push bombing” Attack Targeting Apple Users to Steal passwords

Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…

24 hours ago