Alongside other law enforcement, the FBI has seized the WeLeakInfo[.]com domain following a warrant being issued by the United States District Court for the District of Columbia.
WeLeakInfo[.]com states that its service is to help internet users find out if their personal data has been compromised, by selling them access to view the exposed data.
In an announcement, the US Department of Justice explained that “the website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts.”
The website offers subscriptions for users to access data exposed in the breaches, with some subscriptions providing unlimited searches and access during the subscription period.
WeLeakInfo claims to have gathered nearly 12.5 billion records from data breaches, however by actually disclosing the stolen data, a clear distinction can be observed between WeLeakInfo and the service HaveIBeenPwned, which will only inform users if their credentials have been compromised, rather than providing access to the breached data.
The FBI worked alongside international law enforcement, including the UK’s National Crime Agency, The Netherlands National Police Corps, the German Bundeskriminalamt (the Federal Criminal Police Office of Germany), and the Police Service of Northern Ireland, to suspend the website.
The website is now in the custody of the federal government, and visitors to the site will be met with a seizure banner.
Jake Moore, cybersecurity specialist at ESET told Infosecurity Magazine: “The big risk comes from brute force attacks, where criminals use common password combination against emails to try and break into personal accounts.
“An incredibly large amount of people still use predictable or simple passwords. Many people’s passwords are also readily available on the dark web, so it quickly and simply becomes an exercise in joining the dots for the cyber-criminals.”