Feds seize millions of stolen login credentials but you could still be at risk

Photo (c) D. Kleine - Getty Images

Check below to see how many times your email has been scraped

The U.S. Department of Justice (DOJ) this week rolled into Wisconsin, waving badges, seizing computers, and taking the personally identifiable information of millions of Americans off the market.

It’s about time.

Coming to the rescue is “Operation Cookie Monster,” a high-level all-hands-on-deck effort where the DOJ utilized 45 FBI field offices and international partners from Sweden to Romania to seize Genesis Market’s motherlode of consumer usernames and passwords for email, bank accounts, and social media.  

All in all, millions of passwords and email addresses were provided from a wide range of countries and domains. These emails and passwords were sold on Genesis Market and were used by Genesis Market users to access the various accounts and platforms that were for sale. Then, down stream, cybercriminals used this data for purposes ranging from identity theft to phishing attacks to credential stuffing

“Genesis falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals,”  said Deputy Attorney General Lisa Monaco. “The Department of Justice is shining a light on the internet’s darkest corners – in the last year alone, our agents, prosecutors, and partners have dismantled the darknet’s largest marketplaces – Hydra Market, BreachForums, and now Genesis. Each takedown is yet another blow to the cybercrime ecosystem.” 

Were you part of the personal data that Genesis had?

While the DOJ prevented Genesis from pushing consumer ID information any further, you, me, and everyone else is still at risk because of what’s already rung the cash register for the data seller on the black market.

The FBI has reached out to Have I Been Pwned (HIBP), a free resource for people to quickly assess whether their access credentials have been compromised (or “pwned”) in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.

And whether you know that you’re a victim or just think you’re a Genesis victim, it would be smart to see if any of your email addresses at any time in the last several years turned up on the dark web.

When ConsumerAffairs checked Have I Been Pwned against our personal email accounts, there were breaches that have widespread implications: Adobe, Dropbox, and Zynga (the creator of Words with Friends) which exposed 173 million unique email addresses alongside usernames and passwords.

Prepared in conjunction with the FBI, HIPB provides the recommended guidance for those that find themselves in this latest collection of data. Those steps are detailed in the section with the gold background on this page.

Take a Financial Relief Quiz. Get matched with an Authorized Partner.