January 15, 2020

Seeking Victims in the xDedic Investigation

The xDedic marketplace, which began in late 2014, sold compromised credentials (such as usernames and passwords) for computers across the globe. Within the marketplace, sellers “stocked the shelves” with compromised credentials that they obtained using their own tools or tools provided by the marketplace. Buyers bought the compromised credentials to carry out various crimes such as business e-mail compromise, ransomware campaigns, and the filing of fraudulent tax returns. These compromised credentials allowed cyber criminals to remotely access the computers using Remote Desktop Protocol (RDP). Since its inception, the FBI and IRS estimate that the xDedic marketplace listed more than 800,000 credentials for sale

If you believe you are a victim of a crime related to the selling of compromised credentials, please complete the below questionnaire. Your responses are voluntary but would be useful in the federal investigation and to identify you as a potential victim. Based on the responses provided, you may be contacted by the FBI and asked to provide additional information.

The FBI is legally mandated to identify victims of federal crimes that they investigate and provide these victims with information, assistance services, and resources.


Additional Resources

Splash page graphic with multiple agency seals stating that the domain for xDedic has been seized by the FBI as part of a coordinated law enforcement action.