Russian Citizen Who Sold Stolen Passwords on Criminal Forum Gets 40 Months in Prison

The US Department of Justice has announced a 40-month prison sentence for a Russian national who made money selling stolen personal data.

27-year-old Georgy Kavzharadze, of Moscow, is described by the DOJ as “a prolific vendor of stolen financial information, login credentials, and other personally identifying information (PII).”

Selling stolen data to fraudsters

Starting in 2016, Kavzharadze joined the criminal internet marketplace Slilpp and, using various aliases, listed some 626,100 stolen login credentials – i.e. usernames and passwords – and sold more than half of them to prospecting fraudsters.

“Those credentials were subsequently linked to $1.2 million in fraudulent transactions,” according to the DOJ.

In 2021, Kavzharadze advertised an additional 240,000 login credentials with the promise that the buyer could use the information to steal money outright from the victims’ bank accounts.

The credentials included access to accounts with banks in New York, California, Nevada, and Georgia, courd documents say.

Kavzharadze, who got paid in Bitcoin, allegedly drew more than $200,000 from his activity on Slilpp, according to an FBI analysis.

Kavzharadze pled guilty on Feb. 16, 2024, to conspiracy to commit bank fraud and wire fraud before US District Judge Colleen Kollar-Kotelly. The judge sentenced Kavzharadze to 40 months in prison and ordered him to pay more than $1.2 million in restitution.

The Slilpp marketplace was taken down in June 2021 in a coordinated action with international law enforcement partners. Authorities seized its infrastructure and domain names, as well as a wealth of historical information about Slilpp vendors, customers and transactions, including subscriber and payment information for individual accounts that have been used to buy and sell login credentials over Slilpp.

Protect your login information

According to the Bitdefender 2024 Consumer Cybersecurity Assessment Report, netizens' biggest cybercrime fear is having their money stolen. Yet people generally avoid even the easy steps that could help keep fraudsters at bay.

Asked how many accounts they manage on average, respondents in our survey were most likely to have three to five online accounts (35%), though 31% said they had six or more.

Credit: Bitdefender

Respondents likely considered only the accounts they use regularly – like social media, music & video streaming, utilities, etc. – not so much the ones they created for a quick service or a one-off purchase that they quickly forgot about.

Unless we go to the trouble of updating old passwords or deleting old accounts, those access credentials eventually get caught up in data leaks or find their way onto underground hacker forums.

It’s important for e-citizens to consider this at a time when data breaches have become a daily occurrence – affecting especially those who give in to the convenience of using a single password for multiple accounts.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is for sale on the dark web.

Bitdefender recently published a straightforward guide on how to exercise good cybersecurity hygiene to combat the rising tide of scams targeting regular folk.

Read: Make It Hard for Scammers to Get You! Use These Seven Vital Tips.

Finally, consider using Scamio to combat socially engineered attacks on your finances. If you're suspicious about a certain phone call, email or SMS, Scamio provides a fast and efficient way to find out if you’re being conned. Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Scamio is localized for use in the USA, France, Germany, Spain, Italy, Romania, Australia and the UK.