Police Apprehend 21 WeLeakInfo Customers for Purchasing Stolen Personal Data

In a significant law enforcement operation across the United Kingdom, 21 individuals have been apprehended as part of a broader initiative targeting users of the now-defunct data breach service, WeLeakInfo.com. This platform had previously offered subscribers illicit access to a trove of personal information harvested from various online breaches.

According to the UK National Crime Agency (NCA), those arrested are suspected of employing stolen personal information to engage in additional cyber crimes and fraudulent activities. The suspects, all of whom are men aged between 18 and 38, face a range of charges. Nine have been detained on allegations relating to the Computer Misuse Act, while another nine are under suspicion for fraud offenses, and three are being investigated for both types of misconduct. The operation also resulted in the seizure of more than £41,000 in Bitcoin from the accused parties.

Earlier this year, in January, a multinational law enforcement operation involving the FBI, the NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. This service, launched in 2017, provided users with a search engine to access personal information derived from over 10,000 data breaches, amassing an indexed database that contained more than 12 billion stolen credentials such as names, email addresses, usernames, and passwords.

Additionally, WeLeakInfo’s subscription model facilitated unlimited searches and access to information from these breaches for costs as low as $2 per day. This affordability rendered the service accessible to novice hackers, allowing them to gather vast quantities of data and employ it for malicious purposes, including credential stuffing attacks—a technique where stolen credentials are used to access multiple accounts across various platforms.

Following the domain’s seizure, two men, both aged 22 and located in different countries, were arrested for their alleged roles in managing the WeLeakInfo service. The platform’s associated Twitter account has since been inactive. The NCA has indicated that, in addition to purchasing services from WeLeakInfo, some of those arrested also sought other cybercriminal tools, including remote access Trojans and crypters. Moreover, some individuals were found to possess indecent images of children, expanding the scope of the investigation.

Paul Creffield of the NCA highlighted the ongoing vulnerabilities presented by common practices such as password reuse across multiple sites. Such behaviors empower cybercriminals to exploit data breaches for fraudulent activities, making effective password hygiene a critical concern for individuals and businesses alike.