Ukrainian cyberpolice, working with U.S. law enforcement, identified an 18-year-old suspect from Odesa as a central operator in an infostealer campaign that stole browser sessions and credentials from users of a California online store between 2024 and 2025. Authorities say 28,000 accounts were compromised, 5,800 were used for unauthorized purchases totaling about $721,000, and devices and crypto-related evidence were seized in searches.
Why it matters: The case highlights ongoing risk from infostealers and stolen session tokens, which can enable account takeover and sometimes bypass MFA. Online retailers, fraud teams, and users should treat session theft as a significant threat and review account security, monitoring, and token invalidation practices.
Bill Toulas
2026.05.20
100% relevant
This article establishes a distinct law-enforcement and threat-activity story centered on a specific infostealer operation, identified suspect, and quantified impact on victim accounts.
2026.05.20
99% relevant
This is the same underlying law-enforcement case: Ukrainian authorities identifying an 18-year-old Odesa suspect tied to an infostealer operation that stole about 28,000-30,000 online store accounts and used thousands of them for fraudulent purchases. The article adds that the targeted retailer was based in California, cites 5,800 abused accounts, $721,000 in unauthorized purchases, and notes Telegram-based resale plus seized evidence.
← Back to all stories