September 27, 2020

Weibo leaked 538 million user records for sale on the dark web

1 min read

According to PingWest, Weibo leaked 538 million user information. Currently, this leaked information is being sold on the dark web for 0.177 bitcoin.

At the same time, a Twitter user, @1ancet also forwarded screenshots saying that some users’ mobile numbers can be queried through nicknames, which means that the truth of these leaked data may be very high.

The publisher stated on the dark web that the database contains 172 million account information, as well as ID, number of Weibo posts, number of fans, gender and location.

Luo Shiyao, Director of Information Security at Weibo said in response that “Phone numbers were leaked due to brute-force matching in 2019 and other personal information were crawled on the Internet.”

“Weibo” by bfishadow is licensed under CC BY 2.0 

In response to the security incident, the Weibo security director issued a post stating that most of the information was not leaked on Weibo channels, but was collected and integrated by hackers from other channels.

From the end of 2018 to 2019, there were hackers that used brute force data through the Weibo interface, that is, using the address book matching interface to find user nicknames through the enumeration segment.

In this regard, the Weibo security director acknowledged that some users’ data was indeed stolen by hackers, but the Weibo team has already blocked the relevant interfaces after discovering anomalies.