WeLeakInfo gets pwned by FBI; Dutch, Irish police arrest alleged breach brokers

Enlarge / The seizure notice for WeLeakInfo even included the site's logo. Fancy.

On Wednesday, police in the Netherlands and Northern Ireland arrested two 22-year-old men believed to be connected to WeLeakInfo, a site offering usernames and passwords from multiple data breaches for sale. At the same time, the Federal Bureau of Investigation, in coordination with the UK's National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland, took down the domain for the site, redirecting it to a seizure notice (shown above).

At first, some thought the takedown was simply a breach of the site itself-mostly because the FBI took the time to add the site's logo to the takedown notice.

There's a mess happening over at We Leak Info since yesterday. It looks like they got hacked, and someone threw up an FBI seizure page. The seizure notice doesn't look legit.

... Not a good look for them...https://t.co/XGGIRaJKQk #WeLeakInfo #WLI pic.twitter.com/SUzaAQD8Pd

- Cypher (@CryptoCypher) January 16, 2020

But on Thursday afternoon, the Justice Department announced the takedown and put out a call for further information on WeLeakInfo and its operators. WeLeakInfo claimed to have over 12 billion usernames and passwords from a collection of over 10,000 data breaches. Originally hosted at a Canadian hosting company's data center when set up in 2016, the domain was moved behind Cloudflare a day later. The site, originally advertised as "the most extensive private database search engine," purported to be a legitimate tool for companies to perform security research-even claiming to offer an application interface for performing bulk checks for breaches of company accounts.

Read 2 remaining paragraphs | Comments