Operation Cookie Monster brought down a massive hacker marketplace – See if your info was there

April 6, 2023

By Kim Komando

Scammers never run out of tricks, and this one’s a doozy: They’re using AI to impersonate you. Here’s why you need to change your voicemail setting right now.

Getting ahold of your voice is one thing, but once a hacker gets into your computer, they can wreak all sorts of havoc and truly ruin your life.

There’s good news on that front, though. Law enforcement agencies around the world just brought down Genesis Market, an online marketplace that bought and sold hacked user data. Score one for the good guys!

Mass arrests

A reported 119 people were arrested as part of Operation Cookie Monster. Yes, that’s the real name!

The Department of Justice says Genesis Market offered access to stolen data from over 1.5 million computers containing over 80 million account access credentials. If your login was breached in the past five years, it probably ended up on Genesis.

Law enforcement seized 11 domains used by Genesis Market to support its infrastructure. The main login page was replaced with a takedown notice, containing information to contact the FBI.

An international effort

The FBI worked with agencies from 17 different countries to take down the hacker ring. Suspects from around the world, including ones in the U.S., were taken in by police. 

It’s nice when the world can come together against a common enemy!

A crooked one-stop shop

This was quite the operation. Since 2018, Genesis Market sold access to “fingerprints,” aka all the identifying data stored on a computer. Buyers could then impersonate that user and get into personal accounts like eBay, Dropbox, PayPal, Microsoft, Twitter, Fidelity and crypto exchanges.

Genesis even offered custom browsers to help buyers navigate their way around victims’ lives. Crooks could easily drain bank accounts, find the victim’s friends and access personal info for blackmail. 

The marketplace also promised that once a computer was accessed, its fingerprints would be kept up-to-date — notifying the crook if any passwords were changed.

How do you know if you’ve been hacked?

There are signs to watch out for that may indicate someone is snooping around inside your computer:

H

How do you know if your data is floating around the web?

Your data may be for sale without you even realizing it. Websites such as HaveIBeenPwned and CyberNews checker let you enter your email address to see if you were part of a data breach.

These sites track genuine data breaches and are regularly updated. They’ll tell you if your email and passwords were part of any known breaches.

How do you protect yourself?

The first step is to increase your computer’s defenses. Your first step should be a reliable antivirus solution. We recommend our sponsor, TotalAV, an award-winning security suite that gives you continuous protection while blocking malicious websites and helping you clear out junk.

TotalAV protects you from malware, ransomware, spyware, adware and more. It even deletes tracking cookies. It’s compatible with Windows, Mac, Android and iOS.

Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price.

Use multifactor authentication

Multifactor authentication adds an extra layer of security when logging into an account. It could be a thumbprint, a bit of information only you know, or a code sent to a device only you have access to.

To secure your accounts further, try an authenticator app, which generates one-time passcodes every 30 seconds. Here’s everything you need to know about multifactor authentication.

Update everything

Keep all of your devices updated to protect against the latest threats and keep cybercriminals out of your life. This includes your computer, laptop, tablet and phone.

Tap or click here for instructions on updating everything.

Keep reading

10 tips to secure your accounts with strong passwords

Hackers want Google accounts. Give yours this security check now!

https://www.komando.com/tips/cybersecurity/operation-cookie-monster/