The FBI has seized the domain of, a website that claimed to have more than 12 billion user records on sale that had been exposed in data breaches.

For as little as $2 per day, hackers could search the name, email or username of a person and be presented with any data that had been leaked about them.

In some cases, this included cleartext passwords, which cybercriminals could use in the hope that their target had reused the same password across multiple accounts, known as credential stuffing.

While the site purported to be a genuine tool for security researchers, law enforcement deemed it illegitimate.

A multinational effort saw WeLeakInfo taken down by the FBI, NCA, Politie, Department of Justice, Police Service of Northern Ireland and Bundeskriminalamt.

WeLeakInfo one of many sites selling passwords

The domain was seized by the authorities on 15 January, with visitors to the site now met with a notice stating:

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

“The domain for WeLeakInfo has been seized by the Federal Bureau of Investigation pursuant to a seizure warrant issued by the United States District Court for the District of Colombia.”

weleakinfo seized
Visitors to the domain are now greeted by this notice.

On Wednesday police in the Netherlands and Northern Island arrested two 22-year-old men believed to be connected to WeLeakInfo.

The site, which aggregated data from more than 10,000 breaches, is not the only one to offer such a service.

“This site is one of many offering a similar service on the dark web so even with this site out of action, this is by no means the last of it,” said Jake Moore, cybersecurity specialist at ESET.

Robert Ramsden-Board, VP EMEA at Securonix, said:

“The internet is far-reaching; therefore, cybercrime and its impact on businesses and individuals is rarely contained within one nation. So, collaboration between the US, UK and other nations’ law enforcement organisations is a critical step towards effectively tackling cybercrime.”

Moore recommended that users do not use predictable or simple passwords across multiple accounts:

“My advice is to use a password manager to store your uniquely different passwords robustly online so you don’t have to remember them all. Implementing 2FA will also help reduce this risk even if your password is compromised.”

Read more: Exclusive: Production company data breach exposes personal data of Dove ‘real people’ ad participants