Hackers have put up a database containing personal details of over 538 million Weibo users for sale on the dark web for just $238 or CNY 1,799.
The database contains personal information including names, Weibo IDs, number of posts, number of followers, gender and location and contact numbers for nearly 172 million of the affected users.
According to some reports, hackers were able to breach into the Chinese social media sometime during the middle of 2019.
Weibo data breach
Following the breach, several users, including Alibaba security director Wei Xingguo, posted on Weibo that their contact details had been leaked and that they were getting connection requests based on phone number search option. Wei’s post was later deleted.
While Weibo has acknowledged the leak, it has downplayed the incident, stating that the data was collected using illegal software. The company’s security director Luo Shiyao responded to Wei’s post, hinting that the phone numbers were leaked in a brute force attack while other details can easily be collected online – however even this post was later deleted from Weibo.
Experts who are following the issue closely suggest that there are irregularities in the statement issued by Weibo. While the company has stated that the data was extracted using an API, experts suggest that the data on sale includes details which are normally not shared using APIs.
Weibo, on the other hand, has announced that it has made a police complaint against this data theft and relevant authorities have been notified. It also advices users to not use similar passwords for different platforms as it puts accounts at a risk.