Operation Cookie Monster Takes Down Genesis Cyber Crime Market

Massive international law enforcement action shuts down notorious cyber crime marketplace that sold stolen personal data and credentials for Facebook, Amazon, eBay, PayPal, Twitter and more.

‘Fraudsters paradise’ online criminal marketplace is shutdown in sting

An ‘Amazon for crime’ online marketplace selling millions of sets of stolen personal information for 56p each has been blown open by UK and international investigators.

Daily MailDan Sales Rebecca Camber Crime And Security Editor

International sting on the 'world's biggest fraudsters paradise' stealing YOUR passwords: Criminal 'online market' where hackers flog bank, eBay, Amazon and Facebook log-ins for as little as 50p is shut down.

An 'Amazon for crime' online marketplace selling millions of sets of stolen personal information for 56p each has been blown open by UK and international investigators.

A sting on the site – which was called Genesis Market – unfolded last night and saw raids on users across the globe.

It was led by the FBI and Dutch police forces and 17 other countries, including the UK's National Crime Agency (NCA), which made 24 arrests in and around Grimsby.

Around the world, about 120 people were arrested and more than 200 searches were carried out. Genesis had 80million sets of credentials available for sale and two million victims.

They included online banking, Facebook, Amazon, PayPal and Netflix account information, as well as digital fingerprints with mobile device data. It could be exploited by criminals to bypass online security by pretending to be the victim.

Today visitors to the site, which the NCA said had hundreds of UK users, were greeted with a page showing the FBI investigation name Operation Cookie Monster.

I suspect this type of hacking may be a major factor in some of the fraud on eBay that takes over legitimate accounts and uses them to post scam listings for vehicles, luxury watches, high value trading cards and more.

Why Doesn’t eBay Do More To Stop Car Scams?

It seems like eBay car scams have been around forever, why doesn’t eBay do more to curb this particular kind of fraud?

Value Added ResourceLiz Morton ~ Founder

It's interesting the Daily Mail mentions 24 arrests were made in and around Grimsby - an eBay business in that area made headlines in 2021 when their account was hijacked and used for this type of fraud, with eBay refusing to help as the business owner faced a £14,000+ and had to lay off staff as a result.

Grimsby businessman facing ruin after eBay account ‘hacked’

Phil Green has had to lay off staff and more could suffer after £14,000 hacking scam on his Nunsthorpe business

GrimsbyLivePeter Craig

A Grimsby businessman is facing ruin and having to make staff redundant because of what he claims is an eBay hacking scam.

Phil Green's Bags-n-Aprons business has successfully traded through eBay and other online platforms for over a decade. He provides a service making and distributing tabards, garments, bags, aprons and ladies undies.

But the Nunsthorpe businessman was shocked to discover listed on his eBay account were Rolex watches, speedboats, bicycles and rare Pokemon cards.

Ebay immediately froze his account which meant he lost trade. But he says the firm also took money directly from his account totalling £14,000 to pay off people who had not received delivery of the items they had ordered and paid for...

..."Between 2pm and 8pm on November 4 our site was hacked by we believe an USA based hacker. We reported the hacking to eBay first thing on Friday November 5 and since then they have done almost nothing to help us.

Have I Been Pwned creator Troy Hunt has provided an excellent recap of this epic cyber crime takedown as well as a searchable database so you can see if your compromised data was available on Genesis Market.

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and “Operation Cookie Monster”

A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they’ve named “Operation Cookie Monster”. They’ve provided millions of impacted email addresses and p…

Troy HuntTroy Hunt

Here's what Have I Been Pwned suggests if you find yourself in this collection of data:

Prepared in conjunction with the FBI, following is the recommended guidance for those that find themselves in this collection of data:

To safeguard yourself against fraud in the future, it is important that you immediately remove the malware from your computer and then change all your passwords. Do this as follows:

• Log out of all open sessions in all web browsers on your computer.
• Remove all cookies and temporary internet files.
• Then choose one of the following two options:
• Update the virus scanner on your computer.
• Then carry out a virus scan on your computer.
• The malware will be removed.
• Then (and only then) change all your passwords. Don’t do this any earlier, as otherwise the cybercriminals will see the new passwords.
  
  

OR

• Reset the infected computer to the factory default settings:
• Then (and only then) change all your passwords. Don’t do this any earlier, as otherwise the cybercriminals will see the new passwords.
  
  

How can I prevent my data being stolen (again)?

• Use a virus scanner and keep it up to date.
• Use strong passwords that are unique for each account/website.
• Use multifactor authentication. If you use a fingerprint, facial recognition, or approval on another device (such as a phone) to confirm your identity on login, it is harder for someone to access your accounts.
• Never download or install illegal software. This is a very common source of malware infection.
• When installing legal software, always check that the website is genuine.

Hats off to the law enforcement personnel across the globe involved in investigating and bringing these criminals to justice!