US seizes SSNDOB market with significant help from Cyprus Police's Cybercrime Subdivision

For selling personal info of 24 million people

SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million people in the US, has been taken offline following an international law enforcement operation.

The operation was conducted by the FBI, the Internal Revenue Service, and the Department of Justice, with significant help from the Cyprus Police's Cybercrime Subdivision.

Four domains hosting the SSNDOB marketplace have been seized as part of this operation: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz."

The SSNDOB marketplace consisted of multiple sites acting as mirrors of each other, to help it withstand DDoS attacks or law enforcement operations. The marketplace allowed cybercriminals to purchase "Social Security number, date of birth and full info of people" using bitcoin.

"A series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue," explains a press release by the Department of Justice.

While the website also sold the dates of birth for people in the United Kingdom, it was primarily used to sell the personal information of US citizens for as little as $0.50.

Cybersecurity firm Advanced Intel told BleepingComputer that much of the collected data was obtained through healthcare and hospital data breaches. Other threat actors then used this information to perform financial fraud.

"SSNDOB was one of the largest crime shops offering a collection of personally identifiable information for fraudsters and played an integral part in fraud schemes. The majority of the customers used the shop data for various types of scams from tax to bank fraud," AdvIntel CEO Vitali Kremez told BleepingComputer.

"According to the few AdvIntel breach investigations, the criminals behind the shop specifically leveraged healthcare and hospital breach databases to source the supply of personal information for the fraudsters."

A link to Joker's Stash?

In a coordinated report, blockchain analysis firm Chainalysis explains that they tracked $22 million in Bitcoin being paid to SSNDOB since April 2015.

Some of these transactions were quite large, worth $100,000 in Bitcoin, indicating that some cybercriminals were buying data in bulk.

However, one of the most interesting details Chainalysis discovered was a connection between SSNDOB and Joker's Stash, which shut down in January 2021.

"Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021," explains Chainalysis' report.

"Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership."

While Joker's Stash shut down its operations voluntarily, it was facing increased pressure from law enforcement, disruptions due to COVID-19, and the decreasing quality of stolen credit cards.

https://www.bleepingcomputer.com/news/security/us-seizes-ssndob-market-for-selling-personal-info-of-24-million-people/