A hacker is selling an extensive collection of data belonging to 538 million users of the Weibo platform on the dark web. The seller claims to have breached Weibo in the past, but is only now offering the stolen personal details for purchase. The data includes users' real names, Weibo usernames, gender, geographic location, and phone numbers (for 172 million of them). No passwords are included that could be used to take over the Weibo accounts, so the value of the offering drops to just $250.
Weibo is a popular Chinese social media platform with over 445 million active users each month. It supports the posting of images, Instagram-like stories, written content that earns monetary rewards, and direct personal messages through its chat system. The database that’s now for sale allegedly contains the entirety of the Weibo userbase, which points to the possibility of an API-based attack. The hacker’s listing looks like an SQL database dump, though, so it could also come from accessing an unprotected server or breaching a protected one. Unfortunately, Weibo hasn’t given a detailed explanation of what exactly happened.
The speculation in Chinese media began with credential stuffing and password spraying, a theory that the absence of passwords in the dump quickly dismissed. The subsequent claims that the data was fake were also disregarded, as the hacker provided samples of the collection that were confirmed to be valid. Weibo believes that the phone numbers were the result of an API matching event that took place at the end of 2018, so the two sets of data could be a combination of separate breaches. Still, nothing can be said with certainty right now, and a large number of Chinese users risk seeing their personal data exposed in the meantime.
Weibo has already reported whatever listings it could find online (there are many), and the Chinese police are now trying to follow the hacker's electronic trace. If a local hacker is behind the Weibo user data listings, the police will most probably locate them soon, as they have successfully done many times in the past. The Chinese Internet is subject to high levels of scrutiny and control, so even the most skillful hackers have a hard time flying under the radar for long.