A court in the Netherlands has sentenced a 24-year-old Dutchman to two years in prison, including one year on probation, for his involvement with the WeLeakInfo service, a website that provided access to stolen data.
WeLeakInfo offered for sale a total of 12 billion records, including names, email addresses and passwords, and also offered a service to crack encrypted passwords.
An investigation into WeLeakInfo was launched by the UK's National Crime Agency in July 2019. While the website tried to mimic legitimate services that allow users to check whether their personal data was compromised in data breaches, in reality the site’s administrators traded in millions of login credentials obtained from data breaches and hacked websites.
At the beginning of 2020, the police seized the WeLeakInfo portal, and arrested two of its operators – a Dutch man and his accomplice from Northern Ireland. A third suspect is still on the run.
The Dutch 24-year-old was sentenced in Utrecht court to two years in prison, with the second year suspended. He must also repay almost 110,000 euros that he has earned from the site to the State.