{"id":626220,"date":"2023-04-06T09:49:30","date_gmt":"2023-04-06T14:49:30","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/06\/operation-cookie-monster-shuts-off-hacker-marketplace-selling-millions-of-stolen-accounts\/"},"modified":"2023-04-06T09:49:30","modified_gmt":"2023-04-06T14:49:30","slug":"operation-cookie-monster-shuts-off-hacker-marketplace-selling-millions-of-stolen-accounts","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/06\/operation-cookie-monster-shuts-off-hacker-marketplace-selling-millions-of-stolen-accounts\/","title":{"rendered":"Operation Cookie Monster shuts off hacker marketplace selling millions of stolen accounts"},"content":{"rendered":"<div>\n<p>Several law enforcement agencies have teamed up to take down Genesis Market, a website selling access to \u201cover 80 million account access credentials,\u201d which included the standard usernames and passwords, as well as much more dangerous data like session tokens. According to a <a href=\"https:\/\/www.justice.gov\/opa\/pr\/criminal-marketplace-disrupted-international-cyber-operation\">press release from the US Department of Justice<\/a>, the site was seized on Tuesday. The European Union Agency for Law Enforcement Cooperation (or Europol) <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/takedown-of-notorious-hacker-marketplace-selling-your-identity-to-criminals\">says<\/a> that 119 of the site&#8217;s users have been arrested. 
<\/p>\n<p>Genesis Marketplace has been around since 2018, according to the Department of Justice, and was \u201cone of the most prolific initial access brokers (IABs) in the cybercrime world.\u201d It let hackers search for certain types of credentials, such as ones for social media accounts, bank accounts, etc., as well as search for credentials based on where in the world they came from.<\/p>\n<p>The agencies have teamed up with <a href=\"http:\/\/HaveIBeenPwned.com\">HaveIBeenPwned.com<\/a> to make it easy for the public to check if their login credentials were stolen, and I\u2019d highly recommend doing so \u2014 because of the way Genesis worked, this isn\u2019t the typical \u201cjust change your password and you\u2019ll be fine\u201d scenario. For instructions on how to check whether Genesis was selling your stolen info, check out <a href=\"https:\/\/www.troyhunt.com\/seized-genesis-market-data-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-operation-cookie-monster\/#:~:text=Per%20the%20opening%20paragraph%2C%20this%20breach%20is%20flagged%20as%20%22sensitive%22%20so%20you%20will%20not%20get%20a%20result%20when%20searching%20directly%20from%20the%20front%20page%20or%20via%20the%20API%2C%20rather%20you%27ll%20need%20to%20use%20the%20free%20notification%20service.\">the writeup from Troy Hunt, who runs HaveIBeenPwned<\/a>. <\/p>\n<p>(The TL;DR is that you should <a href=\"https:\/\/haveibeenpwned.com\/NotifyMe\">sign up for HIBP\u2019s email notification service<\/a> with all of your important email addresses, and then be sure to click the \u201cVerify email\u201d button in the confirmation email. 
Just searching for your email on the site <strong>won\u2019t<\/strong> tell you if you were impacted.)<\/p>\n<p>We\u2019ll go into what you can do to protect yourself if it turns out your credentials were available on Genesis \u2014 here\u2019s <a href=\"http:\/\/www.theverge.com\/2023\/4\/5\/23671412\/genesis-marketplace-two-factor-passwords-how-to#:~:text=What%20to%20do%20if%20your%20info%20was%20on%20Genesis%20Marketplace\">a link to skip to that section<\/a>, just in case you\u2019ve got some really important accounts \u2014 but first, it\u2019s useful to understand how the marketplace worked. Generally, these sorts of enterprises will sell username and password combinations, along with other personal info. And while you certainly don\u2019t want those floating around, two-factor authentication can help protect you even if your password has been compromised. <\/p>\n<p>While Genesis Marketplace traded in usernames and passwords, it also sold access to users\u2019 cookies and browser fingerprints, which could let hackers bypass protections like two-factor authentication. Cookies \u2014 or login tokens, to be specific \u2014 are files that websites store on your computer to show that you\u2019ve already logged in by correctly entering your password and two-factor authentication information. They\u2019re the reason you don\u2019t have to log into a website each time you visit it. (They\u2019re also the reason that the joint effort to take down Genesis was given the delightful codename \u201cOperation Cookie Monster.\u201d)<\/p>\n<p>They undoubtedly make the web convenient to use, but they pose a security risk if someone were to get a hold of them \u2014 say, by getting a user to download a piece of malware and then uploading them to a hacker\u2019s servers. 
According to the DOJ, the data sold on Genesis came from \u201cover 1.5 million compromised computers around the world.\u201d<\/p>\n<p>Web developers, however, know about this possibility and will often build in additional protections. One is called fingerprinting, which is a technique that looks at a ton of information about your computer, like what browser you\u2019re using, what fonts you have installed, what hardware you have, etc. Fingerprinting is <a href=\"http:\/\/www.theverge.com\/2023\/4\/3\/23665477\/mullvad-browser-tor-vpn-privacy-browser\">often used for advertising<\/a> but can be helpful for security as well; if a cookie is associated with a Mac running Firefox, it\u2019d be a little suspicious if it was suddenly used to access an account using Chrome on a Windows PC.<\/p>\n<p>So Genesis stole the fingerprints, too. What\u2019s more, it even provided a browser extension that let hackers spoof the victim\u2019s fingerprint while using their login cookie to gain access to an account, according to <a href=\"https:\/\/www.zdnet.com\/article\/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users\/\">a 2019 report from <em>ZDNET<\/em><\/a>.<\/p>\n<p>YouTuber Linus Tech Tips has <a href=\"http:\/\/www.theverge.com\/2023\/3\/24\/23654996\/linus-tech-tips-channel-hack-session-token-elon-musk-crypto-scam\">a great breakdown of how this type of attack works<\/a>, as the technique was recently used to take over the channel. (Though, to be clear, it appears the hacker got their credentials by targeting them directly, not via a marketplace like Genesis.)<\/p>\n<p><h3>What to do if your info was on Genesis Marketplace<\/h3>\n<\/p>\n<p>So you got an email from Have I Been Pwned saying that your data was found in the Genesis dataset. According to the FBI and Dutch police, your first step should be to log out of all your accounts on every web browser on your computer before clearing your cookies and caches. 
(Here\u2019s how to do that in <a href=\"https:\/\/support.google.com\/accounts\/answer\/32050?hl=en&#038;co=GENIE.Platform%3DDesktop\">Chrome<\/a>, <a href=\"https:\/\/support.microsoft.com\/en-us\/microsoft-edge\/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09\">Edge<\/a>, <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/clear-cookies-and-site-data-firefox\">Firefox<\/a>, and <a href=\"https:\/\/support.apple.com\/en-ie\/guide\/safari\/sfri11471\/mac\">Safari<\/a>.) If you\u2019re given the option, be sure to delete the data for all time, not just the past week or so, just to be safe. This will make sure that you\u2019re logged out of everything and should render any session tokens you had invalid.<\/p>\n<p>After this step, <strong>you are not done<\/strong>. If your data was stolen by malware, it\u2019s very possible it\u2019s still running on your device, ready to steal the new login cookies and upload them to another marketplace. That\u2019s why you need to run a virus scan or completely reset your computer before logging back into anything. Personally, I use Malwarebytes whenever I need to hunt down viruses, but here are some quick guides on how to get rid of malware on <a href=\"http:\/\/www.theverge.com\/22705042\/how-to-scan-microsoft-windows-pc-malware-security-antivirus-defender\">Windows<\/a> and on <a href=\"https:\/\/www.macworld.com\/article\/225517\/checking-your-mac-for-viruses-wait-what.html\">Macs<\/a>. (Yes, Macs get viruses, too.)<\/p>\n<p>After that, you should be okay to log back into your accounts. 
It\u2019s worth checking out <a href=\"https:\/\/infosec.exchange\/@briankrebs\/110147205163564541\">security expert Brian Krebs\u2019 Mastodon thread<\/a> for information on how exactly computers get infected because it\u2019s not always via the obvious, easy-to-spot methods like files named \u201cClickMe_NOTAVirus.exe.\u201d Knowing some of the warning signs to watch out for and common infection vectors like file-sharing sites can help keep you from getting reinfected by login-stealing malware.<\/p>\n<\/div>\n<p><a href=\"https:\/\/www.theverge.com\/2023\/4\/5\/23671412\/genesis-marketplace-two-factor-passwords-how-to\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Mitchell Clark<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several law enforcement agencies have teamed up to take down Genesis Market, a website selling access to \u201cover 80 million account access credentials,\u201d which included the standard usernames and passwords, as well as much more dangerous data like session tokens. 
According to a press release from the US Department of Justice, the site was seized<\/p>\n","protected":false},"author":1,"featured_media":626221,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22473,91719,46],"tags":[],"class_list":{"0":"post-626220","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cookie","8":"category-operation","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/626220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=626220"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/626220\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/626221"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=626220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=626220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=626220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}