Several law enforcement agencies have teamed up to take down Genesis Market, a website selling access to “over 80 million account access credentials,” which included the standard usernames and passwords, as well as much more dangerous data like session tokens. According to a press release from the US Department of Justice, the site was seized on Tuesday. The European Union Agency for Law Enforcement Cooperation (or Europol) says that 119 of the site’s users have been arrested.
Genesis Marketplace has been around since 2018, according to the Department of Justice, and was “one of the most prolific initial access brokers (IABs) in the cybercrime world.” It let hackers search for certain types of credentials, such as ones for social media accounts, bank accounts, etc., as well as search for credentials based on where in the world they came from.
The agencies have teamed up with HaveIBeenPwned.com to make it easy for the public to check if their login credentials were stolen, and I’d highly recommend doing so — because of the way Genesis worked, this isn’t the typical “just change your password and you’ll be fine” scenario. For instructions on how to check whether Genesis was selling your stolen info, check out the writeup from Troy Hunt, who runs HaveIBeenPwned.
(The TL;DR is that you should sign up for HIBP’s email notification service with all of your important email addresses, and then be sure to click the “Verify email” button in the confirmation email. Just searching for your email on the site won’t tell you if you were impacted.)
While Genesis Marketplace traded in usernames and passwords, it also sold access to users’ cookies and browser fingerprints, which could let hackers bypass protections like two-factor authentication. Cookies — or login tokens, to be specific — are files that websites store on your computer to show that you’ve already logged in by correctly entering your password and two-factor authentication information. They’re the reason you don’t have to log into a website each time you visit it. (They’re also the reason that the joint effort to take down Genesis was given the delightful codename “Operation Cookie Monster.”)
Genesis stole the fingerprints, too. What’s more, it even provided a browser extension that let hackers spoof the victim’s fingerprint while using their login cookie to gain access to an account, according to a 2019 report from ZDNET.