The xDedic marketplace, which began in late 2014, sold compromised credentials (such as usernames and passwords) for computers across the globe. Within the marketplace, sellers “stocked the shelves” with compromised credentials that they obtained using their own tools or tools provided by the marketplace. Buyers bought the compromised credentials to carry out various crimes such as business e-mail compromise, ransomware campaigns, and the filing of fraudulent tax returns. These compromised credentials allowed cyber criminals to remotely access the computers using Remote Desktop Protocol (RDP). Since its inception, the FBI and IRS estimate that the xDedic marketplace listed more than 800,000 credentials for sale
If you believe you are a victim of a crime related to the selling of compromised credentials, please complete the below questionnaire. Your responses are voluntary but would be useful in the federal investigation and to identify you as a potential victim. Based on the responses provided, you may be contacted by the FBI and asked to provide additional information.
The FBI is legally mandated to identify victims of federal crimes that they investigate and provide these victims with information, assistance services, and resources.
- U.S. Attorney Press Release:
The xDedic Marketplace, a Website Involved in the Illicit Sale of Compromised Computer Information and Personally Identifiable Information Shut Down
- IC3 Public Service Announcement:
Cyber Actors Increasingly Exploit the Remote Desktop Protocol to Conduct Malicious Activity
(Includes background, definition, vulnerabilities, examples of threats, and suggestions for protection)