Skip links

Notorious stolen credential warehouse Genesis Market seized by FBI

A notorious source of stolen credentials,, has had its web site seized by the United States Federal Bureau of Investigations.

Security vendor Sophos in 2022 described as “an invitation-only marketplace” from which buyers can acquire “stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems”.

Sophos described the stolen data souk as an initial access broker (IAB) – a business that systems and services, steals data, and sells it. specialised in lifting “credentials, cookies, and digital fingerprints” and not only sold that data but offered a subscription service to provide up-to-date information on individuals it tracked.

The security firm also found Genesis offered “customer-service features that let bad actors concentrate on doing crimes, not tech”, including a “polished interface with good data-correlation capabilities; effective and well-maintained tools for customers, including a robust search function; and mainstream accoutrements such as an FAQ, user support, pricing in dollars (though payment is in Bitcoin), and competent copyediting.”

At the time of writing neither the FBI or its parent agency, the Department of Justice, had published a statement about the seizure.

But visitors to were left in no doubt about the site’s fate because all content other than the following splash screen has disappeared.

Genesis market FBI seizure notice

Genesis market FBI seizure notice – Click to enlarge

The Register notes that the FBI appears to be entirely happy depicting its infosec operatives as faceless hoodie-wearers. Thanks for that, folks given it’s a known disincentive to would-be infosec workers.

But we digress – we should really be focusing on the flock of law enforcement logos surrounding the unhelpfully hoodie-wearing chap depicted above, because they indicate that the FBI acted with its peers from around the world. That assistance was probably made necessary by Genesis Market using several domain names. Whacking them all would have required cross-border collaboration with multiple law enforcement agencies from different nations.

All of which leaves the world a little safer thanks to the demise of Genesis, but still struggling with plenty of personal data still in the hands of hoodie-wearing miscreants, while state-sponsored hoodie-wearers poison software supply chains, steal crypto, plant ransomware and worse. ®