A criminal marketplace allegedly set up to sell stolen login credentials was taken down by a joint operation. The United States, Germany, the Netherlands, and Romania were all involved in the operation. According to an unsealed seizure warrant, since 2012, the Slilpp market has been selling stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts. At the time of the takedown, law enforcement believed Slilpp sold login credentials for over 1,400 account providers. Although the marketplace is gone, investigators feel the extent of the damage caused by Slilpp is still unknown.
Stolen login credentials can have serious ramifications for individuals and organizations alike. It can lead to a myriad of cyber-attacks. The best way to protect from these attacks is to use multi-factor authentication with complex passwords and ensure users do not reuse passwords for multiple logins. Reusing passwords is common practice with many users but it is extremely risky. Threat actors will use lists of stolen credentials from sites like Slilpp to attempt to breach other accounts in a practice called credential stuffing, similar to what allowed attackers to gain access to Colonial Pipeline’s employee VPN. Users can protect themselves from Credential Stuffing attacks using Multi-Factor Authentication (MFA) and unique passwords on every site. Even if passwords are reused on other sites, MFA can help prevent account takeover on those sites that allow it, but a password manager that creates strong and random passwords paired with MFA where possible can be an easy to use and highly effective combination for protecting access. While these preventative measures stop won’t breaches, they will make it much harder for an individual or a company to fall victim to a credential stuffing attack.