The marketplace was one of the largest sellers of stolen login information.
The U.S. Department of Justice (DoJ) said that they have disrupted and taken down the infrastructure of an underground marketplace called “Slilpp” that specialized in trading stolen login credentials.
In the international law enforcement operation, more than dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, involved the joint operation of the U.S., Germany, the Netherlands, and Romania. A set of servers hosting its infrastructure as well as the multiple domains the group operated were seized.
Slilpp, which was operational since 2012, was a marketplace for allegedly stolen online account login credentials belonging to 1,400 companies worldwide. Over 80 million plundered usernames and passwords were offered for sale for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, which were abused to conduct unauthorized transactions, such as wire transfers, from the related accounts.
As per the existing victim reports, the DoJ said the stolen login credentials that were sold over Slilpp have been used to siphon no less than $200 million in the U.S.
According to Acting Assistant Attorney General Nicholas L. McQuaid of the DoJ’s Criminal Division, the Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims.
He added that the department will not tolerate an underground economy for stolen identities, and that they will continue to collaborate with law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located.
Slilpp is the third marketplace to be taken down by the DoJ after xDedic (January 2019) and DEER.IO (January 2021), both of which served to collect and sell login credentials.