When most people think of their stolen personal data—like their phone number, passwords, or home address—they assume it’s in the hands of hackers or shady identity thieves operating in the shadows of the internet. Perhaps it’s being used by law enforcement without proper oversight, or sold secretly by bad actors inside insurance firms. What most wouldn’t expect is that the same data can now be purchased openly on the internet by anyone with a credit card and $50 to spare.
A startling exposé from 404 Media reveals that Farnsworth Intelligence, a U.S.-based startup founded by 23-year-old Aidan Raney, is selling access to a massive trove of stolen data through a website that’s anything but subtle: Infostealers.info. The product is also called Infostealers, and it functions exactly as its name implies. For as little as fifty dollars, customers can search a database packed with personal information sourced directly from illicit data breaches—information that, in most jurisdictions, is classified as criminally obtained.
This goes far beyond the shady “people finder” sites that scrape public records. Farnsworth’s database includes autofill data stored in browsers, saved credentials, contact lists, and other private information that should never be openly available. For those with a bit more money—and a “legitimate” reason—the company offers an even more invasive product: the Infostealer Data Platform, which can provide usernames and passwords. Access isn’t universally granted, but Farnsworth claims it will allow journalists, private investigators, compliance officers, law enforcement, and others to use the tool without requiring a court order or warrant.
The promotional language used by the company is alarmingly brazen. Farnsworth touts its social engineering capabilities and claims to have “infiltrated a North Korean laptop farm,” all while repeatedly emphasizing its usefulness for “corporate due diligence” and “enhanced background checks.” Nowhere on the site is there any clear explanation of how the data is obtained—or what safeguards, if any, prevent it from being used maliciously.
While there are legitimate uses for breach-monitoring tools (such as alerting individuals or companies to leaked credentials), Farnsworth Intelligence appears to cross a line by commodifying stolen information and allowing essentially anyone to exploit it. The ethical implications are vast, particularly for vulnerable individuals who could be tracked or harmed using these services.
As 404 Media points out, evidence obtained through illegal means is generally inadmissible in court. But legality is not the only concern here. Whether it’s a stalker, an abusive ex, or a repressive government agent, there are countless ways that this data could be misused with life-altering consequences. There’s no need for imagination to understand how dangerous this can become.
The Electronic Frontier Foundation’s Cooper Quintin put it bluntly: “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”
Requests for comment to both Farnsworth and Raney went unanswered. The original report by 404 Media is highly recommended reading for anyone seeking the full, disturbing depth of this issue.
