Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


US Justice Department Takes Down Identify Theft Marketplace

The US Department of Justice (DOJ), in coordination with the Internal Revenue Service (IRS) and Federal Bureau of Investigation (FBI), seized and shut down the SSNDOB Marketplace in coordination with law enforcement groups in Cyprus and Latvia. The so called SSNDOB Marketplace reportedly specialized as a warehouse and exchange for various forms of stolen information associated with identify theft and financial fraud, including Social Security numbers, email addresses, passwords, credit card numbers, and other detailed information about individuals. The DOJ stated that the site listed information for over 24 million individuals living in the US and was connected to other dark web marketplaces and websites in which information utilized for identity theft was exchanged. Blockchain analysis firm Chainalysis noted that it had tracked $22 million of Bitcoin over 100,000 transactions associated with the SSNDOB Marketplace’s Bitcon payment processing system, while the DOJ asserted over $19 million in revenue had been generated from the site.

Analyst Notes

Identity and credential theft is now a well-established service in the underground economy. Organizations should require all users, including IT, security, and development personnel, to employ unique credentials for all services, as well as for any work from home (WFH) devices to which an organization’s assets, such as a VPN, may be exposed. Repeating passwords, for example, often results in illicit access. Identity and Access Management (IAM) programs and solutions are an essential component in mitigating access risks. Individuals should consider identity and credit monitoring services in order to quickly respond to identity theft and financial fraud.