Ukraine Probes Teen Suspect in $721K Credential Theft Scheme Targeting California Online Shoppers
Ukrainian authorities have identified an 18-year-old suspect in an international cybercrime operation that compromised nearly 30,000 customer accounts of a U.S.-based online retailer, causing over $250,000 in losses.
Ukrainian law enforcement has identified an 18-year-old resident of Odesa as a key suspect in a cyber theft scheme that targeted online shoppers in California, compromising nearly 30,000 customer accounts and causing more than $250,000 in losses. The investigation began after U.S. authorities alerted Ukraine that hackers operating from the country were attacking American e-commerce platform users, according to a statement from Ukraine's Prosecutor General on Wednesday.
The cybercriminals used info-stealing malware to infect devices and harvest login credentials and session data from users of an unnamed online retailer based in California. Between 2024 and 2025, the group gained unauthorized access to tens of thousands of customer accounts. Officials said the hackers later used at least 5,800 of the compromised accounts to make unauthorized purchases worth roughly $721,000, with losses including chargeback costs exceeding $250,000.
The stolen information was processed and sold through online platforms and Telegram channels, authorities allege. The 18-year-old suspect is accused of managing the online infrastructure used to process, sell, and exploit the stolen data. Investigators said he also used cryptocurrency services to conduct transactions with alleged accomplices.
Ukrainian authorities conducted searches at two residences linked to the suspect, seizing mobile phones, computers, bank cards, and electronic storage devices. Among the materials recovered were credentials for platforms used to sell stolen data, email accounts linked to compromised users, server activity logs, and cryptocurrency exchange account information.
Authorities did not identify the hacker group allegedly involved or specify which malware tools were used. The investigation remains ongoing, and police had not responded to a request for comment at the time of publication.
This case highlights the growing sophistication of cybercriminal operations targeting e-commerce platforms, where stolen credentials are monetized through fraudulent purchases and resold on underground markets. The cross-border cooperation between U.S. and Ukrainian authorities underscores the international nature of such cybercrime investigations.
Ukrainian cyberpolice and U.S. law enforcement identified the suspect as an 18-year-old Odesa resident who operated the infostealer infrastructure between 2024 and 2025, according to a police announcement on Wednesday. Authorities seized phones, computers, bank cards, and evidence linking him to Telegram-based sales of stolen session tokens and cryptocurrency transactions with accomplices, though no arrest has been reported yet.