FBI shuts down Slilpp website that sold stolen login credentials linked to millions in losses

Slilpp, a criminal marketplace that facilitated the sale of stolen login credentials, has been seized by the FBI as part of what the U.S. Department of Justice called a coordinated multinational effort.

German, Dutch and Romanian authorities partnered with U.S. law enforcement to successfully take down the Slilpp market and its infrastructure, the Justice Department announced in a news release Thursday.

The marketplace first launched nearly a decade earlier in 2012 and had provided a forum for selling and buying stolen login credentials that could subsequently be used by purchasers to commit fraud.

Data sold illegally on the site before its seizure included pairs of stolen usernames and passwords for various bank, payment, phone and retailer accounts, the Justice Department said in the news release.

Login credentials bought on Slilpp were later used to cause more than $200 million in losses in the U.S. alone, according to the Justice Department, which added the full impact of the site is unknown.

Foreign and domestic authorities identified servers that hosted the Slilpp infrastructure and its domain names and seized them pursuant to domestic and international legal process, the news release said.

A web address that previously directed to the Slilpp marketplace now consists of nothing but a prominent banner message from the FBI that says it was seized pursuant to a warrant issued in Washington, D.C.

“The department will not tolerate an underground economy for stolen identities, and we will continue to collaborate with our law enforcement partners worldwide to disrupt criminal marketplaces wherever they are located,” said Nicholas L. McQuaid, acting assistant attorney general for the Justice Department’s criminal division.

Over a dozen people have been arrested or charged by U.S. law enforcement in connection with the Slilpp website, the Justice Department said in the news release. None were identified in the announcement.

As of April 2017, a contemporaneous news report said over 7.1 million credentials were being advertised on Slilpp, including usernames and passwords for accounts on hundreds of bank and e-commerce sites.

Credentials for over 340,000 accounts with e-commerce giant Amazon were being advertised for sale around then for roughly $2.50 per username and password pair, KrebsonSecurity reported at the time.