An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information.
The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "wt1store[.]net."
The website peddled over 5.85 million records of personally identifying information (PII), including approximately 25,000 scanned driver's licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards, the U.S. Justice Department (DoJ) said.
The DoJ also unveiled a criminal complaint against Nicolai Colesnicov, accusing the 36-year-old individual from the Republic of Moldova of running the marketplace. Colesnicov has been charged with conspiracy and with trafficking in unauthorized access devices.
According to unsealed court documents, WT1SHOP offered a payment mechanism that facilitated the trafficking of pilfered PII using Bitcoin. The account shop had 106,273 registered users and 94 sellers with a total of roughly 5.85 million credentials available for sale as of December 2021.
The login credentials included those belonging to retailers and financial institutions, email accounts, PayPal accounts, and identification cards, as well as to remotely access and operate computers, servers, and network devices without authorization.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
The DoJ also said law enforcement was able to trace Bitcoin transactions made on WT1SHOP, along with the email addresses and the login information from those accounts, to Colesnicov, enabling the authorities to determine his role as the administrator of the illicit marketplace.
If convicted, Colesnicov faces a maximum sentence of 10 years in federal prison.
The development comes over a year after law enforcement agencies from the U.S., Germany, the Netherlands, and Romania disrupted and took down the infrastructure of an underground marketplace known as Slilpp that specialized in trading stolen login credentials.