After news broke out that millions of Weibo users had their personal information being sold on the dark web, the social network responded on Saturday by downplaying the extent of the damage. Rather than being a leak, Weibo says data was gathered using phone numbers and illegal software.
Last week, former security director at Alibaba Wei Xingguo posted on Weibo that users’ phone numbers had been leaked online. Other Weibo users also claimed they discovered basic account information for 538 million Weibo users being offered on the dark web. The information includes phone numbers, Weibo activity, gender and location. Wei’s post has since been deleted.
Weibo acknowledged that hackers obtained user information from multiple platforms by using illegal software that matches phone numbers, nicknames, QQ numbers and email addresses. Weibo allows users to find other accounts using phone contacts. However, the microblogging platform said that it doesn’t share information like ID numbers and gender. It also said passwords are encrypted, but it warned that using the same password on different platforms puts accounts at risk. The company said it has alerted authorities and strengthened security.
(Abacus is a unit of the South China Morning Post, which is owned by Alibaba.)