Thousands of customers with the now-defunct illegal online service WeLeakInfo have had their details leaked on a popular hacking forum (opens in new tab)
A database which contains highly sensitive information on more than 24,000 WeLeakInfo customers in a ZIP archive was discovered online.
As reported by CyberNews, the forum user is now selling highly sensitive information of former WeLeakInfo customers that made their illicit purchases using Stripe (opens in new tab). The data available for sale includes their full names, IP addresses, addresses, partial credit card data, transaction dates, Stripe reference numbers and phone numbers for around $2 in virtual forum currency.
- We've built a list of the best malware removal (opens in new tab) software
- These are the best secure routers (opens in new tab) on the market
- Also check out our roundup of the best ransomware protection (opens in new tab)
Before it was shut down by the FBI in January 2020, WeLeakInfo sold access to stolen information scraped from over 10,000 data breaches. In total, the site contained 12 billion indexed user credentials that included names, usernames, email addresses and passwords for online accounts.
However, customers that made purchases from WeLeakInfo using PayPal (opens in new tab) or Bitcoin (opens in new tab) are “all good” according to the forum user as their information is not included in the leak.
WeLeakInfo customer data
The forum user selling the WeLeakInfo archive claims that the FBI may have missed a spot when it seized the site's original domain as there was a separate domain associated with the service that was used to process payments (opens in new tab) for those who bought stolen data via Stripe.
WeLeakInfo's payment site was not allowed to expire in March of this year and as a result, anyone could have claimed the domain as their own which is exactly what the hacking forum user did. They claim they were able to perform a password reset against the Stripe account that was associated with the two owners of WeLeakInfo and gain access to all of the data from the website. During its time in of operation which lasted for less than a year, the site was able to accumulate a little over £100,000 ($138k) from 24,603 customers.
Judging from the data samples provided by the forum user, the age of the Stripe account owner is consistent with the information about the arrested owners of WeLeakInfo, according to CyberNews. The information contained in the WeLeakInfo database could be used by law enforcement to arrest those who previously purchased stolen data but it could also be used by other cybercriminals to launch extortion (opens in new tab) or blackmail (opens in new tab) attacks.
If you're concerned that your credentials may have leaked online following a data breach, you can always use CyberNews' personal data leak checker (opens in new tab) to search through its library of over 15bn breached records.
- We've also featured the best antivirus (opens in new tab)
Via CyberNews (opens in new tab)