WeLeakInfo claimed to have over 12 billion usernames and passwords siphoned from around 10,300 breaches at various companies and websites. It had organized that information into an easily searchable database, letting users look up someone’s email address to find out what passwords, names, phone numbers and IP addresses were linked. The site offered access to all the info via subscriptions starting at as little as $2.
The site promoted itself as a legitimate way to perform security research, even though it offered phone numbers, IP addresses and other personal info that’s protected by law. (If you want to find out whether your username and password has been stolen, you can go to security expert Troy Hunt‘s excellent haveibeenpawned.com site and get the information for free.) As part of the operation, the FBI is asking people with any information about WeLeakInfo to file a complaint.
