(Photo Illustration by Thiago Prudencio/SOPA Images/LightRocket via Getty Images)
A Texas man has been sentenced to five years in prison for buying 38,000 stolen logins for PayPal accounts and then trying to drain them of their funds.
That man—37-year-old Marcos Ponce of Austin, Texas—has also been ordered to pay $1.4 million back to PayPal as restitution, the US Justice Department announced today.
The FBI discovered Ponce’s scheme while investigating an unnamed illegal online marketplace that trafficked in stolen login credentials from various websites. In 2016, a foreign law enforcement agency managed to copy all the files inside one of the servers hosting the illegal marketplace. The FBI looked at the server files and realized one of the most prolific buyers on the market was Ponce, who bought 38,153 stolen PayPal login credentials, which “included username, password, name, email, address, balance, linked credit card numbers, linked bank account numbers and other information,” according to court documents.
The FBI connected Ponce to the crime by looking at the IP address used to make the purchases on the illegal marketplace. The same IP address also repeatedly accessed a PayPal account registered to Ponce. In addition, he paid for the stolen PayPal credentials by using a cryptocurrency account registered to his name on Coinbase.
Back in November 2018, the FBI conducted a search of Ponce’s residence in Austin and found a thumb drive, which contained some of the stolen PayPal login credentials. Investigators also uncovered Skype chat logs, which showed Ponce was conspiring with others to drain funds from the PayPal accounts and then launder the money.
The Justice Department said his scheme started as early as November 2015. “Based on information from PayPal, the 38,153 PayPal login credentials purchased by the Moniker R (Ponce) account have been used in connection with over $1,000,000 in intended and completed fraudulent transactions,” the FBI said in court documents.
Ponce pleaded guilty to the crimes last year. “This prosecution and sentence send a powerful message that the cyberworld is not a haven for criminals, and law enforcement will work tirelessly to bring cybercriminals to justice,” US Attorney Ashley Hoff for the Western District of Texas said in a statement.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
