The US Justice Department has seized the domain name and took offline a long-run underground marketplace for stolen accounting data, where users could obtain access to information in a variety of categories, according to a recent press release by the US DoJ.

“According to a seizure warrant affidavit that was unsealed today, since 2012, the Slilpp marketplace has been selling stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts. According to the affidavit, the Slilpp marketplace allowed vendors to sell, and customers to buy, stolen login credentials by providing the forum and payment mechanism for such transactions,” says the press release.

What is happening in the marketplace?

, US DoJ takes Slilpp – underground marketplace for accounting data offline

The marketplace is just the tip of the iceberg for a decade-long trend within that underground space. The availability of online E-Shops acted as a clearinghouse for stolen information, where attackers could supply compromised data and attempt to sell it for profit. Buyers would then manage to access someone’s account and eventually attempt to steal their sensitive information, such as financial assets.

Sample categories for the stolen data 

  • SHOPYOURWAY.COM
  • BESTBUY.COM
  • SAQ.COM
  • BLOOMINGDALES.COM
  • MACYS.COM
  • LOWES.COM
  • KOHLS.COM
  • BODYBUIDING.COM
  • SAMSCLUB.COM
  • KMART.COM
  • HP.COM
  • APPLE.COM
  • CANONSHOP.COM
  • GILT.COM?
  • VICTORIASSECRET.COM
  • LETGO.COM
  • NEIMANMARCUS.COM
  • SAKSFIFTHAVENUE.COM
  • USA Mobile Operators / AVIA /HOTELS
  • BRITISHAIRWAYS.COM
  • AIRBNB.COM
  • ATT.COM
  • T-MOBILE.COM
  • AIRMILESME.COM
  • EXPEDIA.COM
  • BRITISHAIRWAYS.COM
  • ALASKAAIR.COM

The marketplace is known to have operated under several different domains, which are constantly improving its ability to remain online. It also has a Dark Web onion including over a dozen of currently active and related domains.

What is the future of such E-shops?

We expect that many other E-Shops for stolen accounting information will emerge. Some of the currently active E-Shops for such compromised data will take extra steps to ensure that they remain online and continue to attract new customers, including actual vendors of stolen and compromised accounting information. 

Another trend worth pointing out is that many fellow cybercriminals will continue to impersonate well-known E-Shops for stolen accounting information. The primary goal would be to steal some of the market shares of the original E-Shop and attempt to earn fraudulent revenue from its users.