Ukraine cyberpolice identifies 18-year-old Odesa infostealer operator linked to 28,000 stolen accounts and $721K California fraud
Ukrainian cyberpolice working with US law enforcement have identified an 18-year-old man from Odesa as the suspected operator of an infostealer operation that ran from 2024 through 2025 against customers of a California online retailer. The malware harvested 28,000 customer accounts; the operators used about 5,800 of them to make $721,000 in unauthorized purchases, leaving the retailer with around $250,000 in direct losses including chargebacks. The suspect ran the back-end infrastructure for processing and selling stolen session tokens. Police searched two residences and seized computers, phones, and bank cards. No arrest has been announced yet.
- Check: Search HIBP and stealer-log marketplaces for your domain. If you run e-commerce, audit accounts with card-not-present orders that didn't match the legitimate user's device fingerprint in 2024-2025.
- Affected: Customers of an unnamed California online retailer; 28,000 accounts harvested, 5,800 used in $721K of unauthorized purchases. Operation linked to a single 18-year-old in Odesa, Ukraine.
- Fix: For affected users: rotate passwords, revoke active sessions, check card statements. For retailers: deploy session-binding device fingerprinting and require re-authentication for high-value card-not-present orders.
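
One way to run the card-not-present audit from the Check item, as an added example that is not from the retailer or the police report: it flags 2024-2025 card-not-present orders whose device fingerprint had not appeared on an earlier login for the same account. The record layout, field names and sample rows are constructed assumptions.

```python
from datetime import datetime, timezone

# Audit window from the article: the operation ran 2024 through 2025.
WINDOW_START = datetime(2024, 1, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 1, 1, tzinfo=timezone.utc)

# Constructed sample data; field names are assumptions, not a real schema.
LOGINS = [  # (account, ISO time, device fingerprint) from interactive logins
    ("alice", "2023-11-02T09:00:00+00:00", "fp-a1"),
    ("alice", "2024-06-01T08:30:00+00:00", "fp-a2"),
    ("bob",   "2024-01-15T12:00:00+00:00", "fp-b1"),
    ("carol", "2025-03-03T10:00:00+00:00", "fp-c1"),
]
ORDERS = [  # (order id, account, ISO time, fingerprint, card_present, amount)
    ("o1", "alice", "2024-05-20T10:00:00+00:00", "fp-a1", False, 80.00),
    ("o2", "alice", "2024-05-21T03:12:00+00:00", "fp-a2", False, 640.00),  # fp-a2 not yet seen
    ("o3", "bob",   "2025-02-01T22:40:00+00:00", "fp-x9", False, 310.00),
    ("o4", "bob",   "2025-02-02T11:00:00+00:00", "fp-x9", True, 25.00),    # card present
    ("o5", "carol", "2023-12-30T10:00:00+00:00", "fp-z0", False, 99.00),   # outside window
    ("o6", "dave",  "2025-07-07T07:07:00+00:00", "fp-d1", False, 45.00),   # no login history
]

def audit_orders(logins, orders):
    """Return (order_id, reason) for CNP orders in the window whose device
    fingerprint was never seen on an earlier login for that account."""
    history = {}
    for account, ts, fp in logins:
        history.setdefault(account, []).append((datetime.fromisoformat(ts), fp))
    findings = []
    for oid, account, ts, fp, card_present, _amount in orders:
        when = datetime.fromisoformat(ts)
        if card_present or not (WINDOW_START <= when < WINDOW_END):
            continue
        seen = history.get(account)
        if not seen:
            # Nothing to compare against: surface for manual review.
            findings.append((oid, "no-login-history"))
        elif fp not in {f for t, f in seen if t <= when}:
            # Only logins at or before the order count as a baseline.
            findings.append((oid, "unseen-fingerprint"))
    return findings

if __name__ == "__main__":
    for oid, reason in audit_orders(LOGINS, ORDERS):
        print(oid, reason)
```

Building the baseline from interactive logins only means an order placed on a replayed session token from a new device has no matching fingerprint and is flagged.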