August 16, 2024Ravie LakshmananDark Web / Data Breach

A 27-year-old Russian man has been sentenced to more than three years in prison for selling financial information, login credentials and other personally identifiable information (PII) on a now-defunct dark web marketplace called Slilpp.

Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty earlier this February to one count of conspiracy to commit bank fraud and wire fraud. In addition to a 40-month prison sentence, Kavzharadze was ordered to pay $1,233,521.47 in restitution.

The suspect, who used the names TeRorPP, Torqovec and PlutuSS online, is said to have offered more than 626,100 stolen login details for sale on Slilpp between July 2016 and May 2021 and sold more than 297,300 on the illegal marketplace.

“Those credentials were then linked to $1.2 million in fraudulent transactions,” the U.S. Department of Justice (DoJ) said.

“On May 27, 2021, Kavzharadze’s account on Slilpp had 240,495 login credentials for sale. This allowed the buyer to steal money from the victim’s online payment and bank accounts.”

Kavzharadze is estimated to have made at least $200,000 in profits from selling stolen credentials. In August 2021, he was charged with conspiracy to commit bank fraud and wire fraud, bank fraud, access device fraud, and aggravated identity theft. He was subsequently extradited to the U.S. to face the charges.

Until June 2021, Slilpp was one of the largest marketplaces specializing in the sale of login credentials. In June 2021, the company’s infrastructure was dismantled as part of an international law enforcement operation involving authorities from the US, Germany, the Netherlands, and Romania.

The company has been operating since 2012 and has sold more than 80 million login credentials from over 1,400 companies.