The US Department of Justice (DOJ) completed a major takedown of Slilpp, an underground marketplace for stolen login credentials, as part of an international law enforcement operation. At least 12 people have been charged or arrested in connection with the site. Through the combined efforts of the US, Germany, the Netherlands, and Romania, law enforcement took down the site and gained control of a set of servers hosting the operation and multiple domains the group used.

Slilpp had been active since 2012 and held stolen login credentials for 1400 companies. It offered over 80 million usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other accounts, which were abused to carry out unauthorized transactions, such as wire transfers.

The DOJ has stated that credentials from this site have allowed threat actors to steal $200 million in the US alone. According to Acting Assistant Attorney General Nicholas L. McQuaid of the DOJ, “The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims. The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”

Law enforcement in the US and beyond has been hot on the trail of cybercrime during 2021, with numerous arrests and operation takedowns. TrickBot and Emotet took a huge hit to their operations, but as always, they’ve figured out ways to continue attacking organizations. Given this pattern of cybercrime repopulation, it’s likely that more leak sites will pop up with credentials and work exactly like this one.

If there is anything you can take away from this news, it’s that cyber-attacks don’t stop, because threat actors are relentless. Changing your passwords frequently and using a password manager would decrease the likelihood of your passwords ending up on leak sites and prevent unauthorized access to your accounts.

SpearTip’s engineers actively monitor these sites in order to prevent unwarranted access to our partners’ accounts. When you have SpearTip’s Security Operations Center as a Service working for you, threats are detected and handled. In a landscape of constant threats, it’s vital for your organization to use an experienced security firm with 24/7 capabilities like SpearTip.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.