Skip to content

4 SSNDOB domains seized for selling personal info of 24 million+ people

  • by
  • 2 min read

The US Department of Justice, FBI and Internal Revenue Services, with help from the Cyprus and Latvian law enforcement authorities, have taken down the SSNDOB marketplace, which was selling names, social security numbers and birthdates of around 24 million US citizens and had generated over $19 million in revenue. 

The following four domains were seized:

  • ssndob.ws
  • ssndob.vip
  • ssndob.club
  • blackjob.biz

The marketplace was operating with multiple sites acting as mirrors as a precaution against DDoS attacks and law enforcement actions. SSNDOB sold out information about US citizens for as low as $0.50, paid in Bitcoin. While British citizens’ birth dates were also sold on the marketplace, the primary targets were US citizens. 

BleepingComputer reports via Advanced Intel that a significant amount of data sold on the marketplace came from healthcare and hospital data breaches. In turn, this information was used by other attackers to commit financial fraud mostly. 

Chainanalysis released a report alongside the US Department of Justice’s press release stating that SSNDOB’s Bitcoin payment processing system has been active since April 2015. The service has received nearly $22 million worth of Bitcoin over 100,000 transactions.

4 SSNDOB domains seized for selling personal info of 24 million+ people
There might be a link between SSNDOB and Joker’s Stash. | Source: Chainanalysis

These numbers come down to an average of $80 per individual purchase, which is in the ballpark for individual PII purchases. However, transfers as large as $100,000 worth of Bitcoin suggest that some threat actors might be buying data in bulk. 

The firm also reported seeing activity between SSNDOB and Joker’s Stash, a darknet market focused on selling stolen credit card information and other PII, which shut down voluntarily in January 2021. While the link doesn’t prove anything concrete, it does suggest that the two markets might have some relationship or even shared ownership. 

In the News: Type-C charging will be mandatory on all phones in the EU by 2024

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>