WeLeakData, a popular online platform where hackers and cybercriminals visit on the regular, was recently compromised and the leaked personal member info is now being sold on the dark web.
Sometime in January 2020, WeLeakData went offline without notice, an aspect that led to suspicions that the go-to cybercriminal platform had been seized by authorities. The fact that the website went off the internet gave rise to the belief that WeLeakData had been affected by the FBI seizure of a similar sounding platform, WeLeakInfo.com.
However, the connection between WeLeakData and WeleakInfo.com has not been fully established including a host of reports indicating that the former’s site admins had been apprehended by Europol agents.
Leaked Data Put Up for Sale on the Dark Web
Nonetheless, researchers from Cyble, a major cyber intelligence firm, received information about a massive cyber-attack that took down the WeLeakedData website, an aspect that may explained why the platform went off the internet in April.
The cyber security company has now identified and verified reports that the entire database belonging to the cybercriminals’ one-stop-shop for cybercriminals has been put up for sale on the dark web.
Specifically, the database contains a large category of personal data belonging to WeLeakData members – including usernames, [password information, email addresses, private messages. and the IP addresses of hackers and other cybercriminals that have always sought services of the website.
Quite obviously, the leaked information should be seen as a potential gold mine to law enforcement efforts in fighting cybercrime. Law enforcement agents stand to benefit from the critical information that has been exposed by the hackers – authorities may exploit the IP addresses provided to establish the locations of the real criminals behind the WeLeakData usernames.
In addition, the presence of email addresses among the compromised data may help the police correlate known cyber-attacks to others, an aspect that will lift the lid on a high number of hacking campaigns that have targeted organizations and individuals.
According to observations made by the researchers at Cyble, following the reported sale of the WeLeakData platform to a new member of the forum, a new website (leaksmarket.com) showed up online.
The new platform showed striking similarities to the WeLeakData in terms of content, an aspect that led the experts to assert that WeLeakData had indeed suffered a hacking attack, and that other hackers had posted the data stolen from the original site on the dark web.
Lessons from the WeLeakData Predicament
At this point, the takedown of WeLeakData has rubbed the cybercriminal world the wrong way. Several cybercriminal operators have admitted the disruption in their activities that this hacking attack has brought them.
According to an email comment by Trevor Morgan, Product Manager at comforte AG, the platform’s predicament presents a rather unprecedented irony in which a cybercriminal platform comes under attack by the same actors that depend on its existence.
Otherwise, the recent development is a wakeup call regarding the reality that “no data is safe”. In Morgan’s remarks, even the data created, harvested, and handled by the criminals experienced in data theft and cyber defense can be affected for potential financial gain.
Importantly, most organizations have become complacent about their internal cybersecurity needs by presuming the invincibility of their security mechanisms. The lack of sensitivity to the fact that no data security measure is foolproof has disposed a host of companies to potentially damaging exposure.
Indeed, the WeLeakData case brings a word of caution to companies associated with legal corporate affairs to revitalize their methods as far as the protection of critical organizational data is concerned.
Again, if cybercriminal actors can be exposed to the damage of leaked data, no one organization or individual is truly “hack proof”.