Sina Weibo Suffered Data Breach Exposing 538 Million Records Now On Sale

Chinese microblogging giant Sina Weibo has now made it to the news owing to a security incident. Weibo suffered a data breach exposing 538 million records. What’s concerning is that the stolen data is now for sale on the dark web.

Sina Weibo Data Breach

Reportedly, Chinese site Sina Weibo has faced a data breach exposing millions of records. According to reports, around 538 million users’ information are circulating online that hackers have stolen from Weibo.

The news surfaced online after Wei Xingguo (Yun Shu), CTO Moresec, posted about it on Weibo. Wei even alleged that his own contact number was leaked along with other’s data on March 19.

Later, Weibo officials also confirmed the breach, however, they did not relate it to an attack on their systems. According to Luo Shiyao, Security Director at Weibo, the data surfaced online due to a ‘dictionary attack’, perhaps dated back to 2018.

Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet… When we found the security vulnerability, we took measures to fix it.

Though, Pandaily reported that both Wei’s and Luo’s posts were deleted later.

Hacked Data Sold Online

While the exact timings of the breach remain unconfirmed, there certainly is a breach that made users’ data public.

Following Wei’s post, users also revealed in the comment section that they found explicit details of the users on the dark web. As reported, around 172 million records leaked on darknet had basic account information and put on sale for 0.177 bitcoins.

According to Phala Network, the breach of information seems true as they could also buy the data through a Telegram group. As stated in their post (translated) the author could buy his own data.

The author personally tested, 0.358 ETH = 260 points, 10 points can be used for a general query, which is equivalent to 0.0138 ETH once, which is about 10 yuan once…
I have learned through the mobile phone number query that I have exposed my multiple passwords and real names!

Until the time of writing this article, there aren’t many details regarding the breach, nor Weibo has put up any public disclosure or denial of the incident. Yet, reports hint that the company is presently investigating the matter. So, let’s wait for more details from the official sources.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil