Expert Comments On WeLeakInfo.com Seized For Selling Info From Data Breaches

The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from data breaches and allowed users to pay to access it. To access this data, visitors could subscribe to various plans ranging from a $2 trial to a $70 three-month unlimited access account. These plans would then allow a user to perform searches that retrieve information exposed in these data breaches.

Experts Comments

January 21, 2020
Rob Gurzeev
CEO and Co-Founder
CyCognito
This is an important reminder that cyber attackers, by virtue of the advanced tools and techniques they use, typically have the upper hand when looking for weaknesses they can compromise. They use cheap, automated, and widely available scanning and exploitation capabilities to amass massive troves of data that can be monetized. Security professionals deal every day with the fact that attackers need just a single blind spot for entry, while defenders have to guard everything, all the time......Read More
This is an important reminder that cyber attackers, by virtue of the advanced tools and techniques they use, typically have the upper hand when looking for weaknesses they can compromise. They use cheap, automated, and widely available scanning and exploitation capabilities to amass massive troves of data that can be monetized. Security professionals deal every day with the fact that attackers need just a single blind spot for entry, while defenders have to guard everything, all the time. Attackers seek the ‘weakest zebra in the herd’ so to speak, and extract resources they can monetize before a victim organization knows it’s under attack. That is why it's imperative for organizations to fully map their attack surface - including assets that are used by third parties - and expose their shadow risk. Security-minded organizations are increasingly taking this next step, and eliminating their most critical attack vectors before attackers leverage them.  Read Less
January 20, 2020
Robert Ramsden Board
VP EMEA
Securonix
Weleakinfo.com was a useful resource for threat actors. Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks. The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and.....Read More
Weleakinfo.com was a useful resource for threat actors. Hackers could perform unlimited searches for exposed data for as little as $2 a day. Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks. The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and other nations law enforcement organisations is a critical step towards effectively tackling cybercrime.  Read Less
January 17, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims' sensitive data. Given the purely commercial nature of the project, malicious intent would be easy to prove, forming an irrefutable indictment with severe prison terms on the horizon. The admins would be.....Read More
From a legal perspective, the commerce of stolen property is criminally punishable in most Western jurisdictions. The prosecution will likely argue that the admins were deliberately profiteering from the unlawful sale of stolen property, recklessly allowing third-parties to access victims' sensitive data. Given the purely commercial nature of the project, malicious intent would be easy to prove, forming an irrefutable indictment with severe prison terms on the horizon. The admins would be advised to take experienced criminal defence lawyers and consider negotiating a guilty plea. In any case, this incident serves an unambiguous “tolerance zero” notice to all grey marketplaces.  Read Less
January 17, 2020
Jake Moore
Cybersecurity Specialist
ESET
Cyber criminals can do a lot of damage with a large list from a breach, even when it simply contains names and emails. The big risk comes from brute force attacks, where criminals use leaked common password combinations against emails to try and break into personal accounts. An incredibly large amount of people still use predictable or simple passwords. Together with previous and even recent high profile breaches, many people's passwords are also readily available on the dark web, so it.....Read More
Cyber criminals can do a lot of damage with a large list from a breach, even when it simply contains names and emails. The big risk comes from brute force attacks, where criminals use leaked common password combinations against emails to try and break into personal accounts. An incredibly large amount of people still use predictable or simple passwords. Together with previous and even recent high profile breaches, many people's passwords are also readily available on the dark web, so it quickly and simply becomes an exercise in joining the dots for the cyber criminals. This risk is then increased due to the fact that many people use the same passwords across multiple accounts. My advice is to use a password manager to store your uniquely different passwords robustly online, so that you don’t have to remember them all. Implementing 2FA will also help mitigate this risk.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.