538 Million Weibo Users Data Selling on Dark Web Websites for $238 or CNY 1799.
The database contains personal information including
- Weibo user ID’s
- Names
- Gender,
- location
- Number of posts and followers
- Phone numbers nearly 172 million affected users.
According to Zdnet, passwords were not included.
In a statement sent to Chinese site 36kr and many others, the company claims the phone numbers were obtained at the end of 2018 when its engineers observed a series of user accounts uploading large batches of contacts in an attempt to match accounts with their respective phone numbers. In a separate statement posted on its own Weibo profile, the company said it doesn’t store passwords in plaintext and that users should have nothing to worry about.
Weibo, given the information about the leak, the company security director Luo Shiyao responded to Wei’s post, hinting that the phone numbers were leaked in a brute force attack while other details can easily be collected online, and later this post deleted from Weibo.
Weibo announced that we made a police complaint against this data theft, and official authorities have been notified. The company also advised users not to use similar passwords for different platforms.
But some of the security experts said, the Weibo API does not provide information like gender or location. The truth behind this data breach is yet to be solved.