‘WeLeakInfo.com’ was seized by the FBI back in January 2020, and at the end of the year, 21 users of the platform who bought data from it were arrested and charged in the UK. Now, over a year after the events that essentially finished the leaked credentials selling platform, someone is selling the personal information of 24,603 users of WeLeakInfo. This is obviously catastrophic for those hackers, as it could result in their legal prosecution.
The sale is taking place on a hacker forum, and the ZIP archive contains the following information:
Because WeLeakInfo was accepting payments via Stripe, too, some users of the platform gave away their real identities to buy stuff from it. Possibly, they thought that WeLeakInfo wasn’t illegal as it was reselling information that had already been leaked elsewhere. That said, the users who bought credentials using BTC or PayPal aren’t included in this pack.
The ZIP that exposes those 24,000 WeLeakInfo users is being sold for as low as $2 in crypto. The seller claims that the FBI forgot to renew the seized domain of weleakinfo.com, which became available for re-registration and subsequent data extraction.
What is weird here is that the FBI could have done the same, but they either chose not to prosecute these people, or they just didn’t dig into the matter as much as they could have.
Whatever the case, it is important to remember that buying data obtained illegally can get you into trouble. It doesn’t matter if it’s already available elsewhere or if the seller claims that there’s nothing illegal going on. And finally, this works as another example of the dangers of having your sensitive data stored on shady databases of platforms whose admins don’t care to ever delete anything.