Security
Headlines
HeadlinesLatestCVEs

Headline

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to

The Hacker News
#web#auth#The Hacker News

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.

Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to a 40-month jail term, Kavzharadze has been ordered to pay $1,233,521.47 in restitution.

The defendant, who went by the online monikers TeRorPP, Torqovec, and PlutuSS, is believed to have listed over 626,100 stolen login credentials for sale on Slilpp and sold more than 297,300 of them on the illicit marketplace between July 2016 and May 2021.

“Those credentials were subsequently linked to $1.2 million in fraudulent transactions,” the U.S. Department of Justice (DoJ) said.

“On May 27, 2021, Kavzharadze’s account on Slilpp listed 240,495 login credentials for sale that would allow the buyer to use the information to steal money from the victim’s online payment and bank accounts.”

Kavzharadze is estimated to have made no less than $200,000 in profits from the sale of stolen credentials. In August 2021, he was charged with conspiracy to commit bank fraud and wire fraud, bank fraud, access device fraud, and aggravated identity theft. He was subsequently extradited to the U.S. to face the charges.

Slilpp was one of the largest marketplaces that specialized in the sale of login credentials until June 2021, when its infrastructure was dismantled as part of an international law enforcement operation involving authorities from the U.S., Germany, the Netherlands, and Romania.

It had been in operation since 2012, selling more than 80 million login credentials from over 1,400 companies.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

The Hacker News: Latest News

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks