Website Selling Stolen Login Credentials and Other Personally Identifiable Information is Seized and Its Operator Faces Federal Charges for Conspiracy and Trafficking in Unauthorized Access Devices | USAO-MD

green belt, Maryland – A website operating as a marketplace for more than 5.85 million Personally Identifiable Information (PII) records was seized today by Portuguese authorities and a federal criminal complaint charging the alleged operator of the website has been unsealed. Law enforcement in the United States also seized four domains used by the website: “”, “”, “” and “”.

The federal criminal complaint alleges that Nicolai Colesnicov, 36, of the Republic of Moldova, operated WT1SHOP, an online marketplace that allowed vendors to sell stolen login credentials and other PII, including approximately 25,000 driver’s licenses /digitized passports, 1.7 million login credentials for various online stores, 108,000 bank accounts, 21,800 credit cards. Colesnicov is charged with conspiracy and trafficking in unauthorized access devices. The criminal complaint was filed on April 21, 2022 and unsealed today when the website and its domains were seized.

The website seizure and criminal complaint were announced by United States Attorney for the District of Maryland Erek L. Barron and Special Agent in Charge Wayne Jacobs of the Federal Bureau of Investigation, Washington Field Office, Criminal Division.

According to the affidavit filed in support of the criminal complaint, WT1SHOP provided a forum and payment mechanism for the sale and purchase of stolen PII, using Bitcoin. As detailed in the affidavit, in June 2020, Dutch law enforcement obtained an image from the WT1SHOP database which showed that there were approximately 60,823 registered users on the site, including 91 sellers and two administrators. . As of June 2020, sellers on WT1SHOP have sold approximately 2.4 million IDs for total proceeds of approximately $4 million. Credentials sold included retailer and financial institution login credentials, email accounts, PayPal accounts, and ID cards, as well as access and password credentials. ‘remotely use computers, servers and network devices without permission. Law enforcement examination of WT1SHOP in December 2021 showed that the number of users and sellers on the website had increased to around 106,273 users and 94 sellers with a total of around 5.85 million identifiers available for sale.

According to the affidavit, law enforcement was able to trace Bitcoin sales made on WT1SHOP, payments made to WT1SHOP’s host, email addresses linked to WT1SHOP, and associated login information from these accounts to Colesnicov, including determining that Colesnicov was the operator of WT1SHOP. on the basis of his identifiers as an administrator on the WT1SHOP site.

If convicted, Colesnicov faces a maximum sentence of 10 years in federal prison for conspiracy and trafficking in unauthorized access devices. Actual sentences for federal crimes are generally lower than the maximum sentences. A federal district court judge will determine any sentence after considering US sentencing guidelines and other statutory factors.

A criminal complaint is not a conviction. An individual charged with a criminal complaint is presumed innocent unless and until proven guilty in subsequent criminal proceedings.

United States Attorney Erek L. Barron commended the FBI for its investigative work and thanked the United States Department of Justice’s Office of International Affairs and our law enforcement partners in Portugal. , the Republic of Moldova, the Republic of Estonia, the United Kingdom and the Netherlands for their help. Mr. Barron thanked Assistant U.S. Attorney Rajeev R. Raghavan, who is prosecuting the federal case.

For more information about the Maryland U.S. Attorney’s Office, its priorities, and the resources available to help the community, please visit and /community-outreach.

# # #