Expert Comments On WeLeakInfo.com Seized For Selling Info From Data Breaches

The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access it. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month unlimited access account. These plans would then allow a user to perform searches that retrieve information exposed in these data breaches.


EXPERTS COMMENTS
Rob Gurzeev, CEO and Co-Founder,  CyCognito
January 21, 2020
They use cheap, automated, and widely available scanning and exploitation capabilities to amass massive troves of data.
This is an important reminder that cyber attackers, by virtue of the advanced tools and techniques they use, typically have the upper hand when looking for weaknesses they can compromise. They use cheap, automated, and widely available scanning and exploitation capabilities to amass massive troves of data that can be monetized. Security professionals deal every day with the fact that attackers n ....
[Read More >>]
Robert Ramsden Board, VP EMEA ,  Securonix
January 20, 2020
Hackers could perform unlimited searches for exposed data for as little as $2 a day.
Weleakinfo.com was a useful resource for threat actors. Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks. The internet is far-reaching; therefore, cybercrime and its impact on businesses ....
[Read More >>]
Ilia Kolochenko, Founder and CEO,  ImmuniWeb
January 17, 2020
The admins would be advised to take experienced criminal defence lawyers and consider negotiating a guilty plea.
From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims' sensitive data. Given the purely commercial nature of the project, malicious intent would be easy to prove, ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
January 17, 2020
Implementing 2FA will also help mitigate this risk.
Cyber criminals can do a lot of damage with a large list from a breach, even when it simply contains names and emails. The big risk comes from brute force attacks, where criminals use leaked common password combinations against emails to try and break into personal accounts. An incredibly large amount of people still use predictable or simple passwords. Together with previous and even recent high ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article