U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins

Cyber Security

The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of an underground marketplace known as “Slilpp” that specialized in trading stolen login credentials as part of an international law enforcement operation.

Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint efforts of the U.S., Germany, the Netherlands, and Romania, also commandeered a set of servers hosting its infrastructure as well as the multiple domains the group operated.

Stack Overflow Teams

Operational since 2012, Slilpp was an marketplace for allegedly stolen online account login credentials belonging to 1,400 companies worldwide, offering for sale more than 80 million plundered usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, which were abused to conduct unauthorized transactions, such as wire transfers, from the related accounts.

Slilpp Marketplace
Slilpp Marketplace

Based on existing victim reports, the DoJ said the pilfered login credentials sold over Slilpp have been used to siphon no less than $200 million in the U.S.

“The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the DoJ’s Criminal Division. “The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.”

Enterprise Password Management

The development comes amid a flurry of law enforcement actions against cybercrime groups in recent months, including that of TrickBot, Emotet, and ANoM. Slilpp is also the third marketplace to be taken down by the DoJ after xDedic (January 2019) and DEER.IO (January 2021), both of which catered to harvesting and selling login credentials.

Products You May Like

Articles You May Like

Realme Dizo Watch With 12 Days Battery, Heart Rate Monitoring, IP68 Build Launched in India
Alexa Can Now Locate COVID-19 Vaccine and Testing Centres in India: Here’s How
Amazon Fined Record EUR 746 Million in Luxembourg Over Data Privacy
Amazon’s $1 Billion Bet on Health Care
OnePlus Nord 2 Review: Classic OnePlus

Leave a Reply

Your email address will not be published. Required fields are marked *