WT1SHOP: Authorities Seize Online Marketplace Selling Stolen Login Credentials and Other PII - Security Boulevard

Quick Read

The case for compromised credentials monitoring This case reveals only part of a threat landscape that goes far beyond WT1SHOP and the millions of credentials stolen and sold by just one illicit marketplace.
Compromised credentials pose a significant risk to corporations and entities across industries, targeting everything from PII, like driver’s licenses and passports, to payment information to leverage for profit.
Stop compromised credentials with Flashpoint’s CCM Flashpoint’s Compromised Credentials Monitoring (CCM) allows users to monitor exposure of compromised credentials for their enterprise domains and customer email addresses, and take action to mitigate risk of account takeover (ATO).
85 million records of stolen login credentials and other personally identifying information (PII).
7 million login credentials for various online shops, 108,000 bank accounts, and 21,800 credit cards among the stolen credentials and PII it offered for sale.
Credentials and PII sold include login credentials to a variety of access portals, including retailers and financial institutions, email accounts, and PayPal accounts, identification cards, and credentials to gain unauthorized access to and operate computers, servers, and network devices remotely.
Bitcoin sales made on WT1SHOP, payments made to the webhost of WT1SHOP, email addresses related to WT1SHOP, and associated login credentials have been traced by law enforcement to Colesnicov.

WT1SHOP: Authorities Seize Online Marketplace Selling Stolen Login Credentials and Other PII - Security Boulevard

The United States Department of Justice released a notice on Tuesday detailing the seizure of an online marketplace selling over 5.85 million records of stolen login credentials and other personally identifying information (PII). The website was seized by Portuguese authorities, while U.S. law enforcement has also seized four domains used by the website. Allegations against Nicolai Colesnicov Also on Tuesday, a federal criminal complaint, originally filed on April 21, 2022, was unsealed, which reveals charges against Nicolai Colesnicov of the Republic of Moldova, including conspiracy and trafficking in unauthorized access devices. The complaint alleges that Colesnicov led WT1SHOP, an online illicit marketplace that included 25,000 scanned driver’s licenses and passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, and 21,800 credit cards among the stolen credentials and PII it offered for sale. WT1SHOP screenshots included in court documents against Colesnicov The website seizure and criminal complaint were announced by United States Attorney for the District of Maryland Erek L. Barron and Special Agent in Charge Wayne Jacobs of the Federal Bureau of Investigation, Washington Field Office, Criminal Division. A growing business An affidavit filed in support of the criminal complaint alleges that WT1SHOP provided an outlet and forum that facilitated the sale of stolen PII using Bitcoin. An image of the WT1SHOP database obtained by Dutch law enforcement in June 2020 showed that there were just over 60,000 registered users on the site, including 91 sellers and 2 administrators, with the total sale of approximately 2.4 million credentials for close to $4 million. As of December 2021 law enforcement found that the number of registered users had increased to over 106,000, with 94 sellers and approximately 5.85 million credentials available for illicit purchase. An overview of the credentials found on WT1SHOP in June 2020 included in the affidavit Flashpoint observed accounts for popular email services averaging $3 per account, while passport data fetched approximately $25 per person. Accounts containing access to financial credentials sold for considerably more, with some going over $100. Credentials and PII sold include login credentials to a variety of access portals, including retailers and financial institutions, email accounts, and PayPal accounts, identification cards, and credentials to gain unauthorized access to and operate computers, servers, and network devices remotely. Bitcoin sales made on WT1SHOP, payments made to the webhost of WT1SHOP, email addresses related to WT1SHOP, and associated login credentials have been traced by law enforcement to Colesnicov. They were also able to determine that Colesnicov was the operator of WT1SHOP due to his administrator login credentials on the WT1SHOP website. If convicted, Colesnicov faces up to 10 years in federal prison for the charges related to conspiracy and trafficking in unauthorized devices. Read the full affidavit below. The case for compromised credentials monitoring This case reveals only part of a threat landscape that goes far beyond WT1SHOP and the millions of credentials stolen and sold by just one illicit marketplace. As threat actors advance their tactics and evolve to be capable of larger attacks, any organization with users, customers, partners, investors, or other valuable assets must consider how they’re defending their infrastructure, and the people who rely on it, from credential theft. Compromised credentials pose a significant risk to corporations and entities across industries, targeting everything from PII, like driver’s licenses and passports, to payment information to leverage for profit. An attack that affects your users is not only costly, but damages your organization’s reputation in the long term. To help your security teams mitigate and prevent the risk of credential theft, it’s important to have tools to collect and process data and credentials quickly, so that if credentials associated with your organization are found in a breach, your team can be made aware and begin remediation as soon as possible. Stop compromised credentials with Flashpoint’s CCM Flashpoint’s Compromised Credentials Monitoring (CCM) allows users to monitor exposure of compromised credentials for their enterprise domains and customer email addresses, and take action to mitigate risk of account takeover (ATO). Flashpoint’s advanced technology quickly collects and processes data and credentials, allowing organizations to access the most up-to-date breach data and receive notification as soon as credentials have been identified. Sign up for a free trial today to see it in action.
The Original Article can be found on Security Boulevard

Three Ocean County Residents Charged For Selling Drugs - Jersey Shore Online

TOMS RIVER – A multi-agency investigation has led to three Ocean County residents to be arrested and charged for selling drugs, authorities said. Three homes, two in Lakewood and …

Read more here
Three Ocean County Residents Charged For Selling Drugs - Jersey Shore Online

Lakewood turns to online auction to sell old street signs - cleveland.com

LAKEWOOD, Ohio -- Feeling nostalgic? You can join an online auction to buy old Lakewood street signs. This means that instead of considering any late-night thievery, prideful resi …

Read more here
Lakewood turns to online auction to sell old street signs - cleveland.com

Lakewood using online auction to sell old street signs - cleveland.com

LAKEWOOD, Ohio -- The auction bidding has begun for the first time in Lakewood regarding the sale of old street signs. This means, instead of considering any late-night thievery, …

Read more here
Lakewood using online auction to sell old street signs - cleveland.com

How to Sell a Used HP Laptop Online - Startup.info

HP laptops strike the perfect balance of quality and affordability. But the brand releases new models so often you might be tempted to upgrade. So, what to do with your older, stil …

Read more here
How to Sell a Used HP Laptop Online - Startup.info

Iconic Goodwill gets serious with online for thrifters - KKTV

NEW YORK (AP) — Thrifters who flock to Goodwill stores will now be able to do more of their treasure hunting online. The 120-year-old nonprofit organization on Tuesday launched Go …

Read more here
Iconic Goodwill gets serious with online for thrifters - KKTV