Security experts found a threat actor on a hacking forum selling stolen databases that contain sensitive data of more than 24,000 customers of WeLeakInfo.com, a banned online platform. Cybercriminals used the WeLeakInfo.com platform to trade stolen information and to discuss various hacking techniques with other attackers in the community.
The hacker posted a ZIP file that contained payment data of WeLeakInfo customers who made illegal purchases using Stripe, an online payment processing service. The leaked file exposed sensitive information including full names, partial credit card data, transaction dates, Stripe reference numbers, currencies and amounts paid for stolen data, email addresses, IP addresses, addresses, and contact numbers. In the post, the hacker also clarified that users who bought stolen data from WeLeakInfo through PayPal or Bitcoin were not affected by the incident.
Hackers’ Domain Resurfaces!
Security experts from Cyble claimed that a member of the WeLeakInfo platform re-registered wli.design, which is one of the domains of WeLeakInfo.
“The WeLeakInfo operators allegedly used the domain’s email address for payments via Stripe. The actor claimed to have registered the domain and then created an email address on the registered domain used in their Stripe account. Upon access to WeLeakInfo’s Stripe account, the actor allegedly gained access to their customers’ details (including email, address, partial card details, purchase history, and others),” Cyble said.
FBI’s Takedown of WeLeakInfo
In January 2020, the FBI and the U.S. Department of Justice seized the WeLeakInfo.com domain for selling sensitive information that was hacked from other sources in the past three years. According to the official notice, published by U.S. Attorney Jessie K. Liu of the District of Columbia and Special Agent in Charge Timothy M. Dunham of the FBI’s Washington Field Office, WeLeakInfo sold more than 12 billion user records that included names, usernames, email addresses, phone numbers, and passwords for online accounts.