The personal details belonging to 538 million users of the Chinese social platform Weibo have been put up for sale on the dark web. The latest news come in the wake of investigations that have led Chinese media to detect the suspicious activity on the hidden web.
Reportedly, advertisements posted on the dark web and other online platforms indicate that a cybercriminal attacked Weibo in 2019, and obtained a cache of the firm’s user database. It is alleged that the database hold the personal identifiable information of the 538 million users, including their real names, website usernames, genders, location and about 172 million user cellphone numbers.
A Not-So-Valuable Data Breach
As mentioned above, a mid-2019 breach of the Weibo platform led to hacker access to the user database which, as it turns out, has not claimed an impressive price tag.
It is reported that the account details belonging to the millions of Weibo users is advertised for a paltry $250 – an amount that is less than half of what the laid-off U.S. workers earn weekly as part of the Enhanced Employment Benefits in COVID-19 aid.
From the above observation, it can be inferred that the low value of the data breach is caused by the fact that the stolen database lacks password information. Nonetheless, the limited set of stolen information would have earned the hackers lots of money in the past.
Risk to Weibo Users
As mentioned already, the limited nature of this data breach was not bound to earn the hackers lots of money.
While this reality holds firmly, the big question is – what are the potential risks that the affected users are predisposed?
In terms of hacking potential, the fact that some 172 million user phone numbers were accessed by the cybercriminals is troubling. Otherwise, such basic information would be used by criminals in scamming attacks – including the possibility that the sets of information will be uploaded to massive dark web files in order to establish fake identities for fraud purposes.
Further, anonymous Weibo users will face the greatest risk. This aspect holds truth considering that although the platform is heavily monitored by the Chinese government, it has gone on record that the social network has been used for sharing uncensored information before. Even scarier, the breach will likely expose the anonymous users to the general public.
Importantly, the nature of profiles exposed will possibly hold sensitive location information and phone numbers of public figures.
A Number of Unanswered Questions
At this point, there’s still a lot of answered questions. Considering that the hacker selling the information on the dark web admitted that the massive database was obtained from the mid-2019 data breach, it is very unclear whether both new and older users were targeted in the attack.
In addition, while Weibo acknowledged the breach, the firm has not provided precise information about the circumstances of the data heist – thus leaving all of us wondering whether more information was actually exposed than reported.
Finally, the significantly low price being asked by the hackers may not have any correlation to the quality of data exposed. A close look at this case may suggest that the cybercriminals are only interested in selling large volumes of the data on time before Chinese law enforcement agencies establish a trail on the heist.
You can join the discussion on Dread and Tape forum