
Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab, posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and that he had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director, responded on Weibo that the Internet security community was merely “overreacting.” “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” rather than a direct dump of Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media, admitting that the data leak is real but saying that no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers brute-forced data through a Weibo interface, that is, they used the address book matching interface to find user nicknames by enumerating number segments. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network’s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information including name, email, home address, mobile phone number, Weibo account number and password on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some users’ license plate numbers and previous passwords could be found. Chat app Telegram is a major platform where transactions for the leaked data are conducted.
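The address book matching abuse Weibo described leaves a recognizable trace on the server side: one client submits long runs of consecutive numbers, which a genuine address book almost never contains. The following detection sketch is an added example, not code from Weibo or Phala Network; the event format, client IDs, phone numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events for a hypothetical contact-matching endpoint:
# (client_id, phone numbers uploaded in one request). Not real data.
def sample_events():
    events = [
        ("client-a", ["13800010001", "13912345678", "15055550123", "18600007777"]),
        ("client-a", ["13711112222", "13800010002"]),
    ]
    # client-b walks one number segment in order, 50 numbers per request.
    base = 13900000000
    for batch in range(4):
        start = base + batch * 50
        events.append(("client-b", [str(start + i) for i in range(50)]))
    return events


def sequential_density(numbers):
    """Fraction of distinct numbers whose successor (n + 1) was also submitted."""
    nums = {int(n) for n in numbers if n.isdigit()}
    if not nums:
        return 0.0
    return sum(1 for n in nums if n + 1 in nums) / len(nums)


def find_enumerators(events, min_numbers=100, min_density=0.8):
    """Return {client_id: (count, density)} for clients resembling segment enumeration.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    per_client = defaultdict(set)
    for client_id, numbers in events:
        per_client[client_id].update(numbers)
    flagged = {}
    for client_id, numbers in per_client.items():
        density = sequential_density(numbers)
        # Require both volume and density so a small address book with a
        # couple of adjacent numbers is not flagged.
        if len(numbers) >= min_numbers and density >= min_density:
            flagged[client_id] = (len(numbers), round(density, 3))
    return flagged


if __name__ == "__main__":
    for client, (count, density) in find_enumerators(sample_events()).items():
        print(f"{client}: {count} numbers submitted, sequential density {density}")
```

In production this check would sit alongside per-client volume limits and monitoring of the match rate of uploaded numbers.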


