Criminal marketplace for stolen browser fingerprints and credentials (seized by FBI)
In April 2023, the FBI and an international coalition (Europol, Dutch police) seized Genesis Market in "Operation Cookie Monster." Genesis was a criminal marketplace that sold stolen "identity packages" (browser fingerprints, cookies, saved credentials, and full payment-card data) harvested from ~1.5 million malware-infected devices covering 80M+ accounts. Data from the seizure (~8 million records in this dataset) was made available for victim notification. Exposed fields include names, emails, phone numbers, addresses, dates of birth, passwords, full credit cards with CVV, and browser user-agent/fingerprint details. This is a law-enforcement-seized criminal/infostealer dataset, not a breach of a single legitimate organization.
ObscureIQ assessment: Extremely high risk. Exposure can reveal buyers, sellers, and targets of stolen identity packages, enabling law-enforcement targeting, retaliation, and further fraud against already-compromised victims.
The seized dataset represents victims of infostealer malware whose complete "identity packages" - credentials, full credit-card data and CVV, browser fingerprints, cookies, DOB, contact and address data - were sold to criminals for account takeover and impersonation. For affected individuals the exposure is severe and multi-vector (financial fraud, ATO, identity theft, session hijacking); the law-enforcement seizure and notification are mitigations.
Genesis Market was an invitation-only criminal marketplace that sold "bots" - packages of stolen credentials, browser fingerprints, cookies, and session tokens harvested from malware-infected devices, enabling buyers to impersonate victims and bypass authentication. It operated for roughly five years until its April 2023 takedown.
Identity-fraud marketplaces collect user accounts, billing records, search activity, and listings tied to stolen identities, browser fingerprints, cookies, and access artifacts.
On April 4, 2023, the FBI, Europol, and Dutch police seized Genesis Market in "Operation Cookie Monster," with ~120 arrests and 200+ searches worldwide. The marketplace had offered data stolen from 1.5M+ computers covering 80M+ accounts (~460,000 packages listed). Seized data was made available for victim notification (e.g., via Have I Been Pwned).
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Malware / Infostealer.
If you believe your information may be included:
In April 2023, the FBI and an international coalition (Europol, Dutch police) seized Genesis Market in "Operation Cookie Monster." Genesis was a criminal marketplace that sold stolen "identity packages" (browser fingerprints, cookies, saved credentials, and full payment-card data) harvested from…
Verified fields include Credit Card, Credit Card Cvv, Date of Birth, Email Address, Full Name, Password, Phone Number, Physical Address, User Agent, Username.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation