The Largest Online Marketplace of Stolen Login Credentials Seized by Law Enforcement

On March 16, 2022, a federal grand jury put on trial Igor Dekhtyarchuk, a citizen of the Russian Federation (Russia), with charges for running a cyber-criminal marketplace that sold thousands of stolen login credentials, Personally Identifiable Information, and authentication tools.

Dekhtyarchuk ran Marketplace A, which allegedly sold credentials of over 48,000 hacked email accounts, 39,000 internet accounts, and had an average visitor count of 5,000 people every day.

Marketplace A specializes in the selling of illegally obtained access devices for compromised online payment platforms, retailers, and credit cards, and also provides data associated with such accounts, such as users’ names, names and addresses, account credentials, and credit card data. This operation is known as a “carding shop.”

Dekhtyarchuk first made an appearance on the hacker forums in November 2013 with the alias name “floraby”. In April 2018, he started to advertise about the selling of account data in Russian hacker forums. In two months, he opened Marketplace A and started to advertise his marketplace soon.

However, Marketplace A had a completely different approach for its buyers. The website works just as how a legitimate store would work.

A person visiting the website to buy credentials can also buy credit card accounts of that victim. Sometimes, customers can also buy information relating to the victim’s retail accounts and other financial data. 

Another thing to be highlighted was the seven-day rental incremental plan that Dekhtyarchuk provided its customers.

He provided a downloadable software that the customers can use to input the purchased credentials along with the cookie that is provided with purchase. This helps the customers to access a company’s account easily.

During the period of March 2021 and July 2021, the FBI made a covert operation to track down the cybercriminals. The FBI worked with an Online Covert Employee (OCE) to track their location.

At the period of this covert operation, they purchased nearly 131 accounts from the marketplace. After every purchase, access was provided via a link or Telegram channels.

However, Finally, the hackers were brought to justice. 

The FBI stated, “This case exemplifies the need for all of us, right now, to take steps to protect our online identity, our personal data, and our monetary accounts,” said U.S. Attorney Brit Featherston.  “Cyber-criminals are lurking behind the glow of computer screens and are harming Americans.  These investigations require dedicated professionals who work tirelessly to stop thieves that steal from unknowing innocent people.  To those who dedicate their lives to stopping cyber-criminals, we thank you.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its…

1 hour ago

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically designed…

2 hours ago

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber extortion…

5 hours ago

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs),…

5 hours ago

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

20 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

20 hours ago