Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ukrainian Extradited for Selling 2,000 Stolen Logins Per Week

Ukrainian Extradited for Selling 2,000 Stolen Logins Per Week

The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace.

The indictment alleges that Glib Oleksandr Ivanov-Tolpintsev operated a malware botnet that collected login credentials for multiple computers simultaneously using brute force techniques.

While Ivanov-Tolpintsev allegedly operated online under multiple aliases, the DOJ used subpoenaed emails from Google to identify his real identity and a Jabber address used to communicate with representatives of the Marketplace.

Also Read: How COVID-19 Contact Tracing in Singapore Applies at Workplace

Some threat actors used the “Marketplace” dark web site to sell stolen remote access credentials while other bought them for future cyberattacks

Through Jabber chats obtained from an investigation into the Marketplace, the FBI could chronicle Ivanov-Tolpintsev’s attempts to become a seller on the dark web marketplace.

“For example, in chats dated May 23, 2017, Ivanov-Tolpintsev asked about the requirements to become a seller on the Marketplace,” explained a previous complaint out of the District of Florida.

“Conspirator #1 explained that sellers must have a database of credentials from at least 5,000 servers, and the ability to upload 500 credentials to the Marketplace each week.”

“Ivanov-Tolpintsev responded that he planned to be able to satisfy those requirements.”

The DOJ states that Ivanov-Tolpintsev claimed to brute force 2,000 logins per week using his botnet, which was then listed on a dark web remote access marketplace known as the “Marketplace.”

Under the alias “Mars,” Ivanov-Tolpintsev allegedly put up for sale access to 6,704 computers, where he earned $82,648.

Threat actors could then use these sold credentials to perform a wide range of attacks, including data theft, ransomware attacks, or to cover the trails of other attacks.

Ivanov-Tolpintsev was arrested by Polish authorities and has since been extradited to the USA. He now faces charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.

If convicted of all charges, he faces a maximum penalty of 17 years in prison.

Also Read: Data Storage Security Standards: What Storage Professionals Need to Know



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us