SSNDOB, an illicit online marketplace that sold private details of nearly 24 million US citizens, has been taken down following an international law enforcement operation conducted by the FBI, the Internal Revenue Service, the Department of Justice, and Cyprus Police.
The feds seized four domains hosting the SSNDOB marketplace as part of this operation: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz."
According to the DOJ, the leaked details included names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue.
"A series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue," DOJ stated.
While the website also sold UK citizens' birth dates, it was primarily used to sell the private data of US people for as little as $0.50.
According to cybersecurity firm Advanced Intel, most of the data was stolen via healthcare and hospital data breaches. Subsequently, the attackers used the information to launch a financial scam.
"SSNDOB was one of the largest crime shops offering a collection of personally identifiable information for fraudsters and played an integral part in fraud schemes. The majority of the customers used the shop data for various types of scams from tax to bank fraud," AdvIntel CEO Vitali Kremez explained.
Chainalysis, a blockchain analysis firm, published its own report on the SSNDOB incident revealing that the marketplace received approximately $22 million worth of Bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been operating since at least 2013.
However, one of the most interesting details researchers identified was a link between SSNDOB and Joker's Stash, which shut down its operations voluntarily in January 2021 due to increased pressure from law enforcement agencies, disruptions due to COVID-19, and the decreasing quality of stolen credit cards.
"Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021," explains Chainalysis' report. Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership."