The biggest social media platform of China – Weibo, the microblogging website has been hacked. A hacker hacked into Weibo’s database in Mid-2019 and obtained a massive dump of user’s data.
The database contains accounts and personal details of 538 million Weibo users and 172 million user’s phone numbers. Personal details include names, usernames, gender, location, no. of posts and followers. The database containing personal details is on sale for $238 on Dark Web. It is priced so low due to the fact that it doesn’t contain passwords while the phone number database is priced at $1,150.
An Ad surfaced over the dark web selling Weibo accounts.
Meanwhile, Weibo acknowledges the breach yet there answer to media is quite confusing as the leak is from a SQL dump while Weibo states it to be from API matching. Not only this, but Weibo also stated that there is no leak of Weibo IDs and passwords.
Phone numbers were leaked due to brute-force matching in 2019, and other personal information was crawled on the Internet. When we found the security vulnerability we took measures to fix it.
Lou Shiyao, Weibo’s Security Director
Various cybersecurity firms said that there is a massive leak and Weibo is still not clarifying what has happened actually. Weibo is unable to clarify how the cyber actors obtained other personal details including gender and locations. Weibo further notified the authorities and police regarding the matter.
