This article is more than 1 year old

Feds raid dark web market selling data on 24 million Americans

SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more

US law enforcement has shut down another dark web market, seizing and dismantling SSNDOB, a site dealing in stolen personal information.

Led by the IRS' criminal investigation division, the DOJ, and the FBI, the investigation gained control of four of SSNDOB's domains, hobbling its ability to generate cash. The agents said it raked in more than $19 million since coming online in 2015.

Seizure banner from SSNDOB-affiliated websites

Seizure banner from SSNDOB-affiliated websites


Prior to the takedown, SSNDOB reportedly had 24 million individuals' records available for purchase, which it regularly advertised on dark web forums. Personally identifying information available on SSNDOB included email addresses, passwords, credit card numbers, SSNs and more. 

The team behind SSNDOB also offered customer support, indicating it was, at the minimum, somewhat sophisticated. "The administrators also employed various techniques to protect their anonymity … including using online monikers that were distinct from their true identities, strategically maintaining servers in various countries, and requiring buyers to use digital payment methods, such as bitcoin," the Department of Justice said in a statement.

Because of the international nature of SSNDOB, Latvian and Cyprian police were also involved in the operation. 

Chainalysis released its own report on the SSNDOB investigation which found a link between SSNDOB and Joker's Stash, a dark web market that migrated to blockchain hosting to avoid action by law enforcement.

Between late 2018 and mid 2019, Chainalysis said, SSNDOB sent over $100,000 worth of Bitcoin to wallets associated with Joker's Stash "suggesting the two markets may have had some relationship to one another, including possibly shared ownership."

Joker's Stash voluntarily shut down in early 2021.

The closure of SSNDOB marks another in a chain of dark web seizures in the past year. Hydra, one of the longest-running dark web markets, recently faced a coordinated effort from US and German law enforcement which took it offline and resulted in the seizure of $25 million in Bitcoin. 

"Identity theft can have a devastating impact on a victim's long-term emotional and financial health. Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised," said Special Agent in Charge Darrell Waldon, IRS-CI Washington, D.C. Field Office.

Is SSNDOB really gone?

Trying to visit one of the four sites seized by the DOJ in its raid results in landing on a page with a banner message indicating the site was seized, and the other three simply don't connect or error out. Doing a search for SSNDOB reveals that it's not exactly gone, though: a .com address with the same name, offering what appears to be the same services, is still online and operational.

An attempt to sign up for an account on the .com succeeded without error, and searches turned back positive results. It's not clear, however, that the site is affiliated with the SSNDOB sites the DOJ seized.

A whois lookup of the seized sites, and the still-functional .com, show several different registrars along with redacted or obviously false information. Nicenic International Group, a Hong Kong-based domain provider, is shown as the registrar for one of the closed sites, as well as the .com. However, a DOJ spokesperson told The Register that the .com site "is not known to be related to the sites we seized." ®

More about


Send us news

Other stories you might like