FBI, AFP Arrest Sydney Man Who Sold 1-Million Spotify, Netflix Passwords Online
Australian police have released details surrounding a 21-year-old man who was arrested earlier this week for running a service selling passwords for popular online services. During this time, police allege the man made up to $300,000 from his WickedGen.com website that was selling Netflix, Spotify, Playstation, Origin and Hulu passwords. Authorities arrested the man following a joint investigation between the FBI, and the Australian Federal Police. They say at peak operation, the service had over 120,000 users, with up to a million account details and passwords; they were sold in monthly and yearly membership plans. The man in question was arrested in his Dee Why house, with authorities seizing his computer equipment, housing “various amounts of cryptocurrencies,” according to a police statement. The unnamed 21-year-old was able to sell functioning usernames and password combinations that were collected from previous data breaches, and posted online, often on sites hosted on the dark web. In recent months we’ve seen hundreds of millions, even billions of unique username and password combinations listed online, and in some cases, freely accessible online. The AFP have release the following statement, outlining that “this arrest is another example of the value and importance of our relationship with the FBI.” “These partnerships - both internationally and domestically - are critical in law enforcement being able to respond to rapidly-evolving and increasingly global crime types.” “Individuals in Australia have had their personal data stolen for the sake of individual greed. These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved.”
The man is scheduled appeared in Sydney Central Local Court yesterday, and was charged "with offences relating to the alleged use of false identities and cyber crime", according to the AFP. These include:
-Providing unauthorised access to, or modification of restricted data; which carries a maximum two-year sentence
-Providing a circumvention service; maximum penalty of five-years.
-Dealing in proceeds of crime; twenty-years maximum
-False or misleading information; ten-years maximum
-Dealing in identification information; five-years maximum. One reddit user commented recently that they “had their Spotify account stolen and resold once” “They didn’t bother to change the password luckily.” They said. “I only noticed when I kept getting booted, saying my account is in use on another device, and my history [was] suddenly filled with latin music.” Using this as an example, we can see some signs you can use to identify whether or not your account has been compromised.