The FBI and several international law enforcement organizations have seized Genesis Market. It was a notorious marketplace for hackers to sell compromised credentials, browser fingerprints, and website logins.
The FBI announced the takedown on Wednesday, called ‘Operation Cookie Monster’ and conducted in concert with several international organizations. “Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the statement reads.
The FBI says it was assisted by agencies from the United Kingdom, Europe, Australia, Canada, Germany, Poland, and Sweden. More than 120 people were arrested as 200 searches were carried out globally. According to the U.K.’s National Crime Agency, around 19 suspected site users were arrested. The FBI confirmed arrests were made in the United States, but did not share exact information.
“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” said an FBI official. With the seizure of Genesis Market’s computer systems, the FBI has identified 59,000 users of the marketplace. As part of the raid, the FBI provided data breach notification website Have I Been Pwned with millions of email addresses and passwords available for sale on the Genesis Market.
The marketplace was active online since 2017 as an invite-only place to buy stolen credentials, cookies, and digital browser fingerprints. These fingerprints included information like IP addresses, session cookies, plugins, and operating system details. With this information, attackers could impersonate a victim’s browser to access their online banking or subscription services like Netflix and Spotify.
Before its shutdown, Genesis Marketplace offered updates to data if it changes. “Genesis customers aren’t making a one-time buy of stolen information of unknown vintage; they’re paying for a de facto subscription to the victim’s information, even if that information changes,” adds Yusuf Arslan Polat, a Senior Threat Researcher at Sophos. More than 450,000 entries were available for sale on the marketplace in March 2023—shortly before it was taken offline.
The FBI estimates that data was stolen from more than 1.5 million compromised computers. More than 80 million account access credentials were captured and Genesis Marketplace made $8.7 million from the sale of stolen credentials.