Notorious stolen credential warehouse Genesis Market seized by FBI

vtqhtr413

A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI. Security vendor Sophos has identified genesis.market as "an invitation-only marketplace" from which buyers can acquire "stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems." At the time of writing neither the FBI nor its parent agency, the Department of Justice, had published a statement about the seizure. But visitors to genesis.market were left in no doubt about the site's fate because all content other than the following splash screen has disappeared.

Gandalf_The_Grey

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned (HIBP) so that victims of the incident can discover if they have been exposed. This breach has been flagged as "sensitive" which means it is not publicly searchable, rather you must demonstrate you control the email address being searched before the results are shown. This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. Specific guidance prepared by the FBI in conjunction with the Dutch police on further steps you can take to protect yourself is detailed at the end of this blog post on the gold background. That's the short version, here's the whole story:
 

vtqhtr413

Many online services only require a login, consisting of a username and password. Unfortunately, users often reuse the same credentials across multiple services, making them vulnerable to theft. Whether the theft is known or unknown, the consequences can be severe for those affected. Individual loss can be difficult to measure, from hacked bank accounts to compromised social media and personal documents.

The consequences can be devastating when an organization's credentials are stolen, whether through phishing or another breach. Stolen credentials can often lead to a more extensive breach since they can be a launching point for a broader intrusion. While multi-factor authentication (MFA) can help mitigate an attacker's ability to gain access, not all services implement MFA equally, and it is not foolproof.
 