If you look deep enough, you'll find corners of the internet where you can buy stolen credentials, identities, and accounts. Just recently, Operation Cookie Monster has seen to it that the Genesis Marketplace, which sells stolen accounts, be shut off.
Genesis Market Seized
The website boasts to have more than 80 million account credentials for sale which include usernames and passwords that match them. The same goes for other data like bank accounts, social media accounts, and more, which were stolen using malware all around the world.
Attorney General Merrick B. Garland stated that the Justice Department working across 45 FBI Field Offices and international partners has taken down the hacker marketplace. He expressed that it serves as a warning to cybercriminals who operate or use such websites.
Before the criminal marketplace was seized, reports say that the Genesis Market offered access to data from more than 1.5 million affected computers, collecting over 80 million stolen account credentials since 2018 it was created back in 2018.
According to the website of the Department of Justice, the criminal marketplace also had and sold device "fingerprints," which are device identifiers and browser cookies that allow criminals to avoid anti-fraud detection systems that some websites use.
Along with the account credentials, the device identifiers and browser cookies will allow the person who purchased them to assume the identity of the person it was stolen from, which will convince most third-party websites.
Deputy Attorney General Lisa O. Monaco stated that the marketplace falsely promised a new age of anonymity and impunity, which eventually provide a way for the Department of Justice to identify, locate, and arrest the criminals who used the website.
FBI Director Christopher Wray stated that the takedown was a demonstration of the agency's commitment to taking down services that enable cybercrime. He added that the takedown is an example of the technical capabilities of the FBI to take away the tools cybercriminals rely on.
How to Check if You Are a Victim
The agencies had the help of HaveIBeenPwned.com so the public could check if their credentials were stolen as well. As advised by The Verge, it's better to check if you have had your account credentials stolen since changing the password might not do the trick.
If you do sign up for the website's email notification service, you will need to verify your email address by clicking "Verify email" when the confirmation email arrives. Otherwise, you will not be able to determine whether or not you were impacted.
It's recommended to use two-factor authentication to add an extra layer of security. However, there is still a way to bypass that, which is through your cookies and browser "fingerprint." This private data can be accessed when you log into certain websites.
The websites will store your information on your computer so you wouldn't have to log in the next time you visit it. The best way to protect your data from being stolen through this method is to avoid logging in to websites if it's not necessary.