As part of an international law enforcement investigation, the U.S. Department of Justice (DoJ) announced Thursday that it has disrupted and shut down the infrastructure of the stolen credentials marketplace known as Slilpp, according to The Hacker News.
More than a dozen people have been charged or arrested in connection with the illegal market. The cyberattack, coordinated by US, Germany, the Netherlands, and Romania, also took control of several servers that housed the group’s infrastructure and the various domains it maintained.
Slilpp has been in operation since 2012. It was an underground marketplace for allegedly stolen online account login credentials belonging to 1,400 companies around the world, offering for sale more than 80 million stolen usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, all used to conduct unauthorized transactions.
In the United States alone, credentials sold on Slipp generated $200 million for cybercriminals
According to current victim reports, the stolen login credentials sold on Slilpp were used to drain no less than $200 million in the United States.
Acting Assistant Attorney General Nicholas L. McQuaid of the DoJ’s Criminal Division stated, “The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims”.
“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located”.
The development comes amid a recent spate of law enforcement actions against cybercrime groups, including TrickBot, Emotet and ANoM. Slilpp is also the third marketplace to be shut down by the DoJ, following xDedic (January 2019) and DEER.IO (January 2021), all of which traded credentials.
Earlier this month, a user on a famous hacking forum made a list containing the world’s largest password collection public. Considering the risk, it is strongly advised that you choose a complex password that is difficult to guess or generate.