A MAN who illegally obtained usernames and passwords of people’s private social media accounts later perused and downloaded images and videos of his victims.
Michael Grimes' home was raided as part of an operation which involved several agencies including the FBI and several electronic devices belonging to him were seized.
Upon analysis, illegally obtained pictures and videos, which he had accessed through a website named WeLeakInfo, were found.
Preston Crown Court heard that Grime used the stolen data to log onto personal social media and email accounts such as Snapchat, Instagram and Facebook where he collected private video and image files from his victims.
The 22-year-old, of Chatburn Road, Longridge, was given a two year community order, a 30 day rehabilitation activity requirement and he must also carry out 80 hours of unpaid work and give £500 compensation for each of his named victims.
In early 2020, the WeLeakInfo.com domain was seized by officers as part of a joint operation conducted by the FBI and the UK National Crime Agency, in coordination with the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland.
The website claimed to provide access to 12 billion user records from more than 10,000 data breaches including compromised usernames, email addresses, phone numbers, passwords and IP addresses.
After being identified as a user of the service, officers from the North West Regional Organised Crime Unit carried out a warrant at Michael Grime's home address in November 2020.
Detective Inspector Chris McClellan from the NWROCU said:"Together with our partners we take these offences really seriously. Data breaches like this can result in financial losses to victims and a huge distress.
"Many cyber criminals rely on the fact that lots of people use the same password on multiple sites and data breaches create the opportunity for fraudsters to exploit this.
"We're encouraging the public some simple security measures to avoid becoming a victim of cybercrime.”
DI McClellan said users can check if their personal data has been breached in the past by visiting legitimate websites such as haveibeenpwned.com.
He said: “If a breach is found, please don't panic. Change any passwords to the compromised accounts by making new strong separate password for each account, including a separate one for your email as all accounts lead back to your email
“Do not reuse passwords and where possible apply Two Factor Authentication (2FA). This will help you prove you are who you say you are when you are logging into your account.
“Do not share the 2FA code with anyone”
Philip Macey from the NCA’s National Cyber Crime Unit, said: “Today’s sentencing emphasises once again that those using online criminal marketplaces can be identified and brought to account. The NCA continues to work with partners in the UK and around the world to disrupt, and pursue, serious cyber criminals.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here