Ukraine Nabs 18-Year-Old Hacker Behind 28K Account Thefts
Ukrainian cyberpolice, working in coordination with U.S. law enforcement, have identified an 18-year-old male from Odesa suspected of orchestrating an infostealer malware operation that compromised 28,000 customer accounts at a California-based online retailer. The threat actor deployed information-stealing malware between 2024 and 2025 to infect users' devices, harvesting browser sessions, login credentials, session tokens, cryptocurrency wallet data, and payment information. Authorities estimate that approximately $721,000 in unauthorized purchases were made using 5,800 of the stolen accounts, resulting in $250,000 in direct losses, including chargebacks.
The suspect allegedly administered the command-and-control infrastructure used to collect and process stolen data, selling harvested information through specialized online platforms and Telegram bots. Law enforcement conducted two search operations at the suspect's residences, seizing mobile phones, computer equipment, bank cards, electronic storage media, and other digital evidence. Investigators recovered access credentials to resources used for selling stolen data, server activity logs, and cryptocurrency exchange accounts, all allegedly linking the 18-year-old to the criminal operation.
Security researchers note that session tokens stolen by infostealers can enable account access without passwords and may even bypass multi-factor authentication protections. Users concerned about credential exposure can check if their accounts have been compromised using an email breach checker, while those wanting to verify their browsing security can run a DNS leak test to ensure their connections remain private. At this stage, authorities have identified the suspect and gathered substantial evidence, though no formal arrest has been announced as investigators continue building their case.