538 Million Weibo users’ records being sold on Dark Web

Hackers are offering for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers.

Data of 538 million Weibo users are available for sale on the dark web the news was reported by several Chinese media and users on social networks.

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords.

The huge amount of data is available for 0.177 Bitcoin, approximately USD 1032.

“Internet users found that 538 million Weibo user records are being sold on dark web marketplace. 107 million of the whole leaked personal data have basic account information, including user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more.” reported the website PingWest.

The presence in the dump of not public users’ details, including gender and location, suggests the hackers had access to the company database.

Weibo is a popular Chinese micro-blogging (weibo) website, it was launched by Sina Corporation on 14 August 2009, it claimed over 445 million monthly active users as of Q3 2018.

The ads published by the sellers claim that the data were stolen from Weibo in mid-2019.

The company confirmed that the data were obtained in 2019 due to credential stuffing attacks and other information gathered online. The explanation provided by the company is not convincing because the dump offered for sale doesn’t include users’ passwords.

“Phone numbers were leaked due to brute-force matching in 2019 and other personal information were crawled on the Internet,” said Luo Shiyao, Director of Information Security at Weibo. “When we found the security vulnerability we took measures to fix it. We also reported to the police as soon as possible and submit related information to them. Besides, we have been investigating the ‘gray industry’ because we take user personal information very seriously, especially their personal data contains phone numbers.”

“Don’t be credulous. Both password fields and Know Your Customer (KYC) data fields are not shown in the description. Don’t worry too much. Good night.” Luo added.

The seller also shared samples of the data that are legitimate.

The Chinese company already notified authorities about the incident, the investigation is still ongoing.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Weibo, data Dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.