WeLeakInfo website trading in 12 billion compromised credentials taken down and two men arrested

Arrests in the Netherlands and Northern Ireland accompany cross-border operation against hacker website trading in compromised credentials

WeLeakInfo.com, a website trading in compromised credentials, has been taken offline by authorities across Europe and the US following a cross-border operation involving the UK's National Crime Agency (NCA).

Two 22-year-old men purportedly behind the site have been arrested: one in Fintona, County Tyrone in Northern Ireland; and the other in Vriendin, Arnham in the Netherlands.

The domain name was seized in an action that also involved the FBI and authorities in Northern Ireland, the Netherlands and Germany.

The website offered a search engine of personal information aggregated over more than 10,000 data breaches. In total, it claimed more than 12 billion indexed records, including such information as names, email addresses, user names, phone numbers and passwords for online accounts.

The website monetised its service with subscriptions providing unlimited searches for access to the database, hosted on a Kubernetes cluster. Subscription fees ranged from $2, for a one-day trial, to $70, for three months of unlimited access.

The operators also offered round-the-clock support to customers. The NCA claims that the individuals behind WeLeakInfo made more than £200,000 from the site. The dot-com domain was seized by the FBI this week.

"Online payments tracing back to IP addresses believed to have been used by the two men point them being heavily involved in the running of the site.

"NCA officers [also] found evidence of payments being made from these accounts to infrastructure companies in Germany and New Zealand to host its data," claimed the NCA in a statement.

The NCA started investigating the website in August last year. It claims that credentials obtained from the website were used in cyber attacks in the UK, US and Germany.

The NSA statement continued: "Law enforcement activity in the UK last year established links between the purchase of cyber crime tools, such as remote access Trojans and cryptors, and WeLeakInfo.com."