September 26, 2022
Law enforcement authorities have seized the domains of an online marketplace for stolen login credentials and other personally identifying information (PII). On Tuesday, Portuguese authorities seized a website selling over 5.85 million records of PII, while law enforcement agencies in the US seized four domains associated with the online shop, namely ‘wt1shop.net’, ‘wt1store.cc’, wt1store.com’, and…

Law enforcement authorities have seized the domains of an online marketplace for stolen login credentials and other personally identifying information (PII).

On Tuesday, Portuguese authorities seized a website selling over 5.85 million records of PII, while law enforcement agencies in the US seized four domains associated with the online shop, namely ‘wt1shop.net’, ‘wt1store.cc’, wt1store.com’, and ‘wt1store.net’.

A federal complaint unsealed on Tuesday charges Nicolai Colesnicov, 36, of the Republic of Moldova, with operating wt1shop to facilitate the selling of stolen credentials and PII.

On the online market, vendors were offering roughly 25,000 scanned driver’s licenses/passports, 1.7 million stolen login credentials for online retailers, the details of 108,000 bank accounts, and roughly 21,800 credit cards.

According to the affidavit accompanying the federal complaint, visitors of the illegal marketplace could purchase the stolen data using Bitcoin. The online market also had a forum that users could access.

An image of the wt1shop database obtained in June 2020 by Dutch law enforcement officials showed that the marketplace had roughly 60,823 registered users, 91 of which were sellers and two were administrators.

The affidavit alleges that, as of June 2020, roughly 2.4 million credentials had been sold on wt1shop, for total proceeds of $4 million.

The sold credentials were for online retailers, financial institutions, PayPal accounts, and email accounts. Other credentials were for remote access to computers, servers, and other devices.

In December 2021, the website had over 106,000 users and 94 sellers and offered a total of roughly 5.85 million credentials for sale.

Authorities have traced to Colesnicov Bitcoin sales made on the illegal marketplace, payments made to wt1shop’s webhost, email addresses related to the shop, and associated login information, and have determined that Colesnicov was the operator of wt1shop.

Colesnicov has been charged with conspiracy and trafficking in unauthorized access devices and faces up to 10 years in federal prison.

Related: Russian Operator of Cybercrime Marketplace Indicted in US

Related: Moderator of AlphaBay Dark Web Marketplace Gets 11 Years in Prison

Related: German Police Take Down ‘World’s Largest Darknet Marketplace’

Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:Tags:
Source