21 customers of WeLeakInfo arrested for purchasing breached personal data

Hey, guys! I’m back! 

I chose to write on the topic of password hygiene again, just like my previous post. This is because I feel the importance of good, strong passwords is not emphasized enough. Hence, this blog!

In this blog, we’re going to analyze WeLeakInfo[.]com, a now-defunct online service that formerly sold access to data hacked from other websites. Recently, the police arrested 21 people across the UK, who are guilty of purchasing breached personal data. This was done as part of a nationwide cyber crackdown targeting customers of this notorious online service.

More about the arrested

According to the UK National Crime Agency (NCA), these people made use of the stolen personal credentials to commit further cyber and fraud offences. 

All 21 were men aged between 18 and 38. Of the 21 arrested:

  • 9 have been detained on suspicion of Computer Misuse Act offences
  • 9 for Fraud offences
  • 3 are under investigation for both

The NCA also seized over £41,000 in bitcoin from the arrested individuals. In addition, the NCA discovered that a number of the arrested men had purchased cybercrime tools such as remote access Trojans (RATs) and crypters*. 3 of them had indecent images of children in their possession.

Glossary

*A crypter is a type of software that can encrypt, obfuscate, and manipulate malware to make it harder for security programs to detect. Cyber criminals use it to create malware that can bypass security programs by presenting itself as a harmless program until it gets installed.

WeLeakInfo[.]com: Background story

This online service was first launched in 2017 and gave its customers access to a search engine. This search engine contained personal information obtained unlawfully from over 10,000 data breaches. We’re talking over 12 billion indexed stolen credentials, including names, email addresses, usernames, phone numbers, and passwords for online accounts.

Something really interesting about WeLeakInfo is that it offered eye-catching and hard-to-dismiss subscription plans. Let me tell you why it’s interesting. These plans allowed unlimited searches and access to breached data during the subscription period. The subscription periods and their corresponding fees were as follows:

  • 3-month plan: $70
  • 1-month plan: $25
  • 1-week plan: $7
  • 1-day plan: only $2!

Their cheapest subscription plan let entry-level, rookie hackers get their filthy hands on a large chunk of data for such a small price - $2 a day. These people use the breached data for various attacks, chief among them credential stuffing.

Thankfully, in January 2020, the US Federal Bureau of Investigation (FBI), the NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland jointly seized the domain of WeLeakInfo.com.

Shortly after the domain was seized, two 22-year-old men were arrested as they were found to be linked to running the site. One lived in the Netherlands and the other was from Northern Ireland. Ever since this arrest, WeLeakInfo's Twitter handle has gone quiet.

Figure 1: WeLeakInfo’s domain seized

Word of Wisdom

NCA’s Paul Creffield says: 

"Cyber criminals rely on the fact that people duplicate passwords on multiple sites and data breaches create the opportunity for fraudsters to exploit that. Password hygiene is therefore extremely important."

I can’t stress this enough, y’all. Use different passwords for different sites. Make sure they're complex and most importantly, don’t store them in your browsers or keep a written copy of passwords anywhere! The best password storage is our brain so have some faith and don’t repeat the same mistake! 




That’s it for today’s blog, y’all! Feel free to drop comments and share this blog if you found it informational.

Stay safe and stay tuned.

Until next time, friends!

Credits: The Hacker News
