U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

538 Million Weibo users’ records being sold on Dark Web

Hackers are offering for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers. Data of 538 million Weibo users are available for sale on the dark web the news was reported by several Chinese media and users on social networks. 107 million records include personal data and […]

weibo data

Hackers are offering for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers.

Data of 538 million Weibo users are available for sale on the dark web the news was reported by several Chinese media and users on social networks.

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords.

The huge amount of data is available for 0.177 Bitcoin, approximately USD 1032.

“Internet users found that 538 million Weibo user records are being sold on dark web marketplace. 107 million of the whole leaked personal data have basic account information, including user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more.” reported the website PingWest.

The presence in the dump of not public users’ details, including gender and location, suggests the hackers had access to the company database.

Weibo is a popular Chinese micro-blogging (weibo) website, it was launched by Sina Corporation on 14 August 2009, it claimed over 445 million monthly active users as of Q3 2018. 

The ads published by the sellers claim that the data were stolen from Weibo in mid-2019.

The company confirmed that the data were obtained in 2019 due to credential stuffing attacks and other information gathered online. The explanation provided by the company is not convincing because the dump offered for sale doesn’t include users’ passwords.

“Phone numbers were leaked due to brute-force matching in 2019 and other personal information were crawled on the Internet,” said Luo Shiyao, Director of Information Security at Weibo. “When we found the security vulnerability we took measures to fix it. We also reported to the police as soon as possible and submit related information to them. Besides, we have been investigating the ‘gray industry’ because we take user personal information very seriously, especially their personal data contains phone numbers.”

“Don’t be credulous. Both password fields and Know Your Customer (KYC) data fields are not shown in the description. Don’t worry too much. Good night.” Luo added.

weibo data

The seller also shared samples of the data that are legitimate.

The Chinese company already notified authorities about the incident, the investigation is still ongoing.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Weibo, data Dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]