A database of an infamous darknet forum called WeLeakData.com was breached, exposing private messages of malicious actors who used the site. Cybercriminals used WeLeakData.com for discussing, trading, and selling databases that are stolen during breaches and combo lists used in credential stuffing attacks.
According to cybersecurity firm Cyble, WeLeakData.com site was suddenly brought offline for unknown reasons in January 2020. It was rumored that the operator of this platform got arrested and that the forum database had been stolen or sold to another hacking group. A month after WeLeakData.com was closed, the content of its database, including hackers’ private messages were kept for sale on the dark web.
“Cyble researchers got the intelligence from the members of the forum that it was not the case though. The reputation of the forum is undoubtedly there and is seen as a competitor to RaidForums. The business model of the forum was quite straightforward- it was mainly a criminal forum that specializes in the trade of leaked databases and uses the third-party e-commerce platform Shoppy for membership upgrades,” Cyble said in a statement.
Cyble stated that its researchers managed to gain access to the WeLeakData.com’s database in April 2020, from a darknet market seller and identified information that belonged to forum’s members, which are mostly researchers, hackers, cybercriminals, and crackers. The researchers found information like email addresses, usernames, passwords, private messages, and IP addresses.
Cyble believes that the site was sold to a new member of the forum, however it was operated under a different domain name – leaksmarket.com, with the same content.
Earlier this year, the authorities of the FBI and the U.S. Department of Justice seized the domain “weleakinfo.com” for selling sensitive information that was hacked from other sources for the past three years. According to the official notice, WeLeakInfo sold more than 12 billion user records that included: names, usernames email addresses, phone numbers, and passwords for online accounts. The notice also claimed that WeLeakInfo provided its users with a search engine to access the data that was illicitly obtained from over 10,000 data breaches. The U.S. Department of Justice urged the public to help them in finding the website’s owners.