A U.S. startup is selling your stolen data to anyone with $50

When you imagine personal data stolen on the internet, like your address, phone number, internet history, or even passwords, you probably think of hackers passing it to identity thieves. Maybe you think of cops getting their hands on it in less-than-legal ways, or maybe an insurance company spying on its customers. But apparently anyone can buy this data, from a U.S. company, for as little as $50.

That company is Farnsworth Intelligence, an “open-source intel” startup from 23-year-old founder Aidan Raney. And it’s not being coy about what it’s doing. The company’s primary consumer-level product is called “Infostealers,” and it’s hosted at Infostealers.info. (Yup, what a URL.) According to an exposé from 404 Media, a simple purchase starting at fifty bucks can get you access to a searchable database of personal data from people all over the United States and the world.

And this isn’t just the usual stuff you could find on the various “people pages” sites, the somewhat scummy descendants of the Yellow Pages. No, this is information apparently sourced directly from data breaches, stolen from companies and services in ways that just about every country considers a crime. There’s a full suite of data available for perusing, up to and including the auto-fill addresses you stick into your browser so you don’t have to type them into every new store.

Farnsworth Intelligence

But it goes even deeper. Farnsworth Intelligence’s more powerful Infostealer Data Platform product will serve up private data that includes usernames and passwords. Yes, again, the actual product is called “Infostealer.” This feature isn’t available to just anyone…but it is available to anyone who can provide a compelling reason. The list of apparently legitimate use cases Farnsworth accepts includes “private investigations, intelligence, journalism, law enforcement, cyber security, compliance, IP/brand protection.”

There’s no mention of a warrant necessary to access this stolen information.

Farnsworth’s public-facing sight seems almost gleefully eager to declare its ability to collect information via less-than-legitimate means. “We are renown [sic] for our human intelligence capabilities, having successfully infiltrated a North Korean laptop farm through social engineering techniques and succesfully [sic] extracting intelligence that saved companies millions of dollars,” declares a promo blurb. Farnsworth says this information can be used for “corporate due diligence,” “enhanced background checks,” and “advanced asset searches.” Exactly how Farnsworth procures its trillions of data points is not disclosed.

It’s easy enough to find stolen personal info, since hardly a week goes by without a database of millions of users making its way onto the dark web. And there are legitimate reasons for people to find and catalog those databases, like security companies alerting their customers when their passwords have been leaked. But brazenly selling stolen information on the open market, especially when there are so many companies, governments, and other state-level actors that can use it to do harm, seems incredibly callous.

And it’s worth pointing out that evidence obtained illegally is generally inadmissible in a criminal prosecution. But that wouldn’t stop, say, an abusive ex from tracking down their victim’s most recent address. There are plenty of other ways for illegally obtained information to be used to hurt people. I’m sure I don’t have to draw you a picture of why groups of vulnerable people who are already targeted wouldn’t want it to be searchable by private investigators or government agents, with nothing more than a credit card.

I’m a technology journalist. I don’t have the authority to declare behavior like this legal or illegal, and my employer’s lawyers would probably tackle me if I tried. But as a human being, I can point out that collecting private, stolen information, then selling it to anyone without a thought for what further damage it might cause, is the epitome of sociopathic greed. “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different,” said Cooper Quintin of the Electronic Frontier Foundation.

404 Media requested comment from both Farnsworth Intelligence and its founder, and received no response. I highly recommend reading 404 Media’s original report for the full scope of the situation.