Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Home Seeking Victims in the xDedic Investigation

Seeking Victims in the xDedic Investigation

Seeking Victims in the xDedic Investigation

The xDedic marketplace, which began in late 2014, sold compromised credentials (such as usernames and passwords) for computers across the globe. Within the marketplace, sellers “stocked the shelves” with compromised credentials that they obtained using their own tools or tools provided by the marketplace. Buyers bought the compromised credentials to carry out various crimes such as business email compromise, ransomware campaigns, and the filing of fraudulent tax returns. These compromised credentials allowed cyber criminals to remotely access the computers using Remote Desktop Protocol (RDP). Since its inception, the FBI and IRS estimate that the xDedic marketplace listed more than 800,000 credentials for sale

If you believe you are a victim of a crime related to the selling of compromised credentials, please complete the below questionnaire. Your responses are voluntary but would be useful in the federal investigation and to identify you as a potential victim. Based on the responses provided, you may be contacted by the FBI and asked to provide additional information.

The FBI is legally mandated to identify victims of federal crimes that they investigate and provide these victims with information, assistance services, and resources

Contact Information
1. How were you directed to this questionnaire?   Select all that apply.
characters remaining
2. Have you used Remote Desktop Protocol (RDP)?  

3. Have you been a victim of a cyber crime?   (e.g., business email compromise, ransomware, tax fraud, computer intrusion, etc.)

3b. If yes, is there evidence of the event? (Do you, your IT staff, a security professional, law enforcement agency, or anyone else currently maintain log files, disk images, computers, hard drives, transaction records, etc., related to the crime?)

4. Were you or your business negatively impacted by this event?  

Privacy Act Statement

The FBI is authorized to collect the information on this form by one or more of the following provisions: Title 28, United States Code, sections 533 and 534; Title 28, Code of Federal Regulations, section 0.85; and the Attorney General Guidelines for Victim and Witness Assistance. The information requested will assist the FBI in providing you with assistance to which crime victims are entitled under federal law. You do not have to provide the requested information; however, failure to do so may hinder the FBI in providing you with crime victim assistance. The information collected on this form is protected by the Privacy Act of 1974, as amended, Title 5, United States Code section 552a, and is maintained in the FBI’s Central Records System, DOJ/FBI-002, a description of which was published in the Federal Register at 63 Fed. Reg. 8671 (Feb. 20, 1998) and which may be viewed at