News

mPerks theft suspect to hand over $630,000 in cryptocurrency, cash after plea deal

Published

4 months ago

on

A 22-year-old Grand Haven man has agreed to forfeit approximately $630,000 in cryptocurrency and cash, as well as his computer tower, after pleading guilty to buying and selling stolen mPerks account login information on the dark web.

Nicholas Mui pleaded guilty to one count of conducting a criminal activity in Kent County Circuit Court on Monday.

Thousands of Meijer customers were compromised in the crime, Michigan Attorney General Dana Nessel said said in Januaryand Meijer was forced to pay customers more than $1 million in damages.

The investigation, which began in the spring, was conducted by Meijer detectives, the Michigan State Police and the Attorney General’s Focused Organized Retail Crime Enforcement (FORCE) team.

“Their complex investigation was instrumental in securing hundreds of thousands of dollars in compensation and safeguarding a loyalty program used by many in our state,” Nessel said Tuesday.

Mui is scheduled to be sentenced on Sept. 5. As part of his plea agreement, one charge of using a computer to commit a felony and seven charges of identity theft were dropped.

Mui was accused of acquiring mPerks account information from the dark web and then selling the data to people who then used the points for Meijer purchases. At the time of his indictment, officials said they had seized about $20,000 in cash and $460,000 in digital currency wallets.

Nessel’s office and the Michigan State Police were contacted last spring by Meijer, which had received complaints from several customers who said their mPerks points had been removed from their accounts. mPerks is a loyalty program through which Meijer customers can earn points that can be used as store credit.

During the investigation, officials found that account login information and points contained in those accounts were being traded in encrypted chat rooms and overseas online marketplaces, Nessel said earlier this year. One vendor, “Alphaland,” stood out in the number of sales it made of mPerks in exchange for cryptocurrency and digital currency.

When investigators monitored Alphaland, they found that he had more than 300 digital currency wallets that used five different cryptocurrencies, but mostly Bitcoin, Nessel said.

Officials traced the seller’s activity to Mui’s home in Ottawa County. Mui would verify the login information with mPerks to determine how much each account earned and then advertise the login information and account contents online.

Officials believe the information sold online was not obtained through a direct breach of Meijer’s system, but likely through a previous large-scale breach of separate software like MyFitness Pal, which affected 150 million accounts in a 2018 breach.

It’s likely that software was used to analyze data from the separate breach and compare the stolen login information to other accounts, such as mPerks, that may have used the same username and password.

eleblanc@detroitnews.com

Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version