A hacker is selling the personal data of a Chinese social network’s entire user base on the dark web.
Claiming to have breached the social network Weibo in 2019 and obtaining the company’s user database, a hacker is selling the personal data of 538 million users on the dark web.
Stolen data include users’ real name, usernames, gender, geographic location – and for 172 million users, their phone numbers.
As passwords are not included, the data is being sold for only ¥1,799 ($250).
Not much details has been disclosed as to how the data was obtained, with the Chinese media speculating credential stuffing and password spraying. However, this theory was quickly dismissed due to the absence of passwords.
In a statement, the social network stated that the data was obtained by matching contacts against its API, however this does not explain how hackers managed to obtain other details such as gender and location.
Chinese security experts have noted that in numerous ads placed by the hacker, there are indicators that the data came from an SQL database dump instead.
Weibo has notified authorities and an investigation has been launched.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/