Sina Weibo, a microblogging service and the Chinese-language counterpart of Twitter, was earlier reported to have been hacked. According to whispers online, 538 million Weibo user accounts were exposed. A platform user confirmed this and added that on Mar. 19, 2020, the phone numbers of those exposed accounts were offered for sale on the dark web.
The whispers started making the rounds when Wei Xingguo (Yun Shu), an executive of a Chinese internet security company and former chief of Alibaba's security research lab, shared the information online. The executive claimed that even his own phone number was leaked via Weibo and that he has received friend requests on WeChat based on a phone number search.
Another platform user claimed that 172 million leaked Weibo phone numbers were for sale for only 0.177 Bitcoin (BTC), which is approximately $1,150. The latest leak appears to have allowed attackers to easily gain access to Weibo users' information, including ID numbers, passwords, locations, usernames, and other details.
Weibo Clarifies The Issue
Weibo's Security Director Lou Shiyao downplayed the recent report about the leaked Weibo accounts. "Phone numbers were leaked due to brute-force matching in 2019, and other personal information was crawled on the Internet," he said, adding, "When we found the security vulnerability we took measures to fix it." He added that this is just another type of dictionary attack and not a direct drag from the company's database.
Although Weibo confirmed the data leak, it claimed that no users' ID numbers or passwords were under threat. The company also assured users that its security policy has been reinforced and is continuously optimized. Interestingly, Weibo revealed that the leak was rooted in an attack that happened a couple of years ago.
But it is hard to be assured when some reports claim otherwise. Research conducted by Phala Network reveals that, because of the Weibo leak, real names, ID numbers, email addresses, QQ numbers, and phone numbers can be easily obtained on the dark web. A single search, according to the report, costs around 10 RMB. Another report from TMT revealed that a reliable source had bought their own information on the dark web. This included name, home address, email address, mobile phone number, Weibo account and ID number, and password.
If the report is anything to go by, it appears to support claims on various online forums and disproves Weibo's statement. Online whispers also claimed that transactions for leaked Weibo accounts were usually conducted using the chat app Telegram.