The Justice Department today announced its role in a multinational operation that led officials to disrupt and take down the infrastructure of Slilpp, an online marketplace that allegedly sold stolen online account credentials.
A seizure warrant affidavit unsealed today states Slilpp had been selling stolen login credentials including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other types of online accounts. Vendors were able to sell stolen credentials; buyers could use these to conduct unauthorized transfers from victim accounts.
At the time the marketplace was disrupted, the affidavit alleges stolen credentials for more than 1,400 account providers were available for sale on Slilpp. While the full impact of Slilpp is not yet known, officials say the limited existing victim reports indicate stolen credentials sold on the marketplace have been used to cause more than $200 million in losses in the US.
The FBI worked with law enforcement partners in Germany, the Netherlands, and Romania to disrupt Slilpp by identifying a series of servers that hosted the marketplace infrastructure and its various domain names, the affidavit states. These servers and domain names were seized pursuant to domestic and international legal process, officiate write in a statement.
Read the full Justice Dept. release for more information.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.