Your credentials may be on sale in Genesis Market

Hi all,

In case you didn’t see it yet, the police in several countries are engaged in a major international investigation, headed by the FBI, which has led to the taking down of the criminal trading website Genesis Market. Apparently, this marketplace was selling credentials including online fingerprints. Europol is alerting on social media.

The Dutch police have made available a website to check if you were affected.

I use Firefox and I have deleted the Advertising ID from my devices. Any further advice to reduce fingerprinting?

Regards,

Celia

Thanks for sharing Celia, but for most of us this won’t be super helpful. If you use email aliases for all your accounts then this should not really have a large impact and neither the tool will he helpful as you can only scan for one email at the time, although it may be good to run some old email addresses through it, yet I would be sceptical given it’s run by the police. It would have been better if they had contributed it to HIBP where one can also get all emails in a single domain you control.

There is a discussion on fingerprinting here: Browser fingerprinting/tracking overview. Also many of the recommendations are made with this in mind.

1 Like

So it sounds like the main concern is criminals using your browser’s fingerprint (and cookies?) to bypass 2 factor or password checks and access your bank account. Shopping accounts too, but those have to be much less juicy targets than bank accounts.
Keeping your machine malware free and regularly changing your passwords should be more than sufficient to mitigate the harm from this leaked data.
And as always, it’s a very good idea to regularly audit all of your credit card/bank transactions in this era of rampant credit card fraud.

I certainly understand skepticism of police, but it makes sense that they’re doing it themselves instead of directing people to Have I Been Pwned. Can you imagine how confused a non-technical boomer might get by that site’s name alone?
It also probably makes sense from a legal liability standpoint. Why vet HIBP when you can just roll your own?

1 Like