Operator of WeLeakInfo database marketplace sentenced to two years in prison
Catalin Cimpanu May 12, 2021

Operator of WeLeakInfo database marketplace sentenced to two years in prison

Operator of WeLeakInfo database marketplace sentenced to two years in prison

One of the three operators of WeLeakInfo, a website that sold access to hacked databases, was sentenced today in the Netherlands to two years in prison, with one year suspended.

In court proceedings that took place earlier this year, the suspect, a 23-year-old whose name was not released, admitted to managing the service together with a Northern Irish man and a third unidentified person.

The three ran WeLeakInfo, a website that charged users around $2/day to access 12,415,528,535 records from 10,368 hacked databases, many of which also included usernames and plaintext passwords.

While the website tried to mimic a legitimate service like Troy Hunt’s Have I Been Pwned, in reality, the service was heavily advertised on underground cybercrime forums, where its creators claimed the service could be used by threat actors to search through people’s old credentials and try to hijack other online profiles where a target might have reused passwords.

WeLeakInfo-site

Dutch suspect served as database processor, helpdesk staff

The 23-year-old Dutch suspect told prosecutors that while he did not create the site, he joined WeLeakInfo in early 2016 after the portal had already been set up by the other two accomplices.

He said the Northern Irish suspect served as the site’s programmer while the third individual laundered payments made by its customers.

“I was mainly concerned with data processing, and I was also involved in answering questions via the helpdesk,” the 23-year-old told the judge.

According to his own testimony, the suspect would process hacked databases and ingest them into the WeLeakInfo backend.

“Most of the data was provided through a donation,” the suspect said, referring to a scheme where users were granted free access to the service if they provided a database the site did not already have.

WeLeakInfo was seized in January 2020

But the site’s activity caught law enforcement’s attention in July 2019, when the UK National Crime Agency started an official investigation, which expanded to the Netherlands in November 2019.

Together with US authorities, Dutch and British cops seized the WeLeakInfo portal on January 15, 2020, and arrested the Dutch and Nothern Irish operators.

Days before their arrest, the two also exchanged WhatsApp messages about receiving a subpoena order from the FBI.

Subpoena orders are used by law enforcement agencies to obtain information from service providers about their customers. According to the conversation, the two suspects believed they were safe because authorities did not send subpoenas to illicit marketplaces and thought the FBI was considering them as “legit.”

WeLeakInfo-chat
Image: The Record

The Dutch 23-year-old was sentenced today in a Utrecht court to two years in prison, with the second year suspended, which the suspect will serve on probation.

The third WeLeakInfo operator remains at large.

The WeLeakInfo site was previously in the news two months ago, in March 2021, when a hacker dumped the data of 11,788 of the site’s paying customers. Authorities are now using this data to track down and prosecute some of the site’s customers, most of which are believed to be criminals.

WeLeakInfo-leak
Image: The Record

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.