Hacker Site Hacked: WeLeakInfo Leaks Info - Security Boulevard

A hacker is selling a database of personal information: Nothing unusual there. But these 24,000 records are the identifiable info of other hackers.

More specifically, of people who had themselves bought leaked information from WeLeakInfo. You might remember the name—the FBI seized the site in January 2020.

The deed was done by logging into the original Stripe account used to process the site payments. In today’s SB Blogwatch, we get all the Schadenfreude feels.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Do Not Eat.

Blowback Karma

What’s the craic? Vilija Jankutė-Kopūstė and friends report—“personal information of 24,000 illegal data buyers leaked online”:

 Before it was shut down by the FBI in January 2020, WeLeakInfo was a website that had been selling access to stolen information scraped from more than 10,000 data breaches … over 12 billion indexed user credentials, including names, usernames, email addresses and passwords for online accounts. [But] there was a separate domain … used to process payments [that was] allowed to expire in March 2021.

The [hacker] is selling a ZIP archive that contains payment data of WeLeakInfo customers who made their illicit purchases via Stripe, including: Full names, Partial credit card data, Transaction dates and their Stripe reference numbers, Currencies and amounts paid for stolen data, Email addresses, IP addresses … Street addresses, Phone numbers.

Could this spell doom for more than 24,000 users whose personal details are now accessible to law enforcement agencies? Back in January 2021, a year after the website was seized, the UK’s National Crime Agency arrested 21 people across the country as part of an operation targeting former WeLeakData customers.

If you don’t want to wake up to see confidential company data sold on some hacker forum, make sure to keep tabs on your domain expiry dates. Otherwise, someone can snatch your domain on the day of expiry, take it over and access all of the accounts attached to it.
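
An added example, not from this article or the sources it quotes: one way to keep tabs on expiry dates is to cross-reference RDAP expiration events against the email domains that third-party accounts depend on. The domains, accounts and dates below are constructed sample data, and the account inventory format is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data: RDAP-style domain objects (RFC 9083 "events" array)
# and a hypothetical inventory of third-party accounts with their login email.
RDAP_SAMPLE = json.loads("""
[
  {"ldhName": "payments.example", "events": [
     {"eventAction": "registration", "eventDate": "2018-03-11T00:00:00Z"},
     {"eventAction": "expiration",   "eventDate": "2021-03-11T00:00:00Z"}]},
  {"ldhName": "corp.example", "events": [
     {"eventAction": "expiration",   "eventDate": "2023-09-01T00:00:00Z"}]}
]
""")
ACCOUNTS = [
    {"service": "payment-processor", "email": "billing@payments.example"},
    {"service": "cloud-console", "email": "ops@corp.example"},
    {"service": "dns-registrar", "email": "admin@unknown.example"},
]

def expiry_of(rdap_obj):
    """Return the domain's expiration time from its RDAP events, or None."""
    for ev in rdap_obj.get("events", []):
        if ev.get("eventAction") == "expiration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def audit(rdap_objs, accounts, now, warn_days=60):
    """Flag accounts whose email domain is expired, expiring soon, or untracked."""
    expiries = {o["ldhName"].lower(): expiry_of(o) for o in rdap_objs}
    findings = []
    for acct in accounts:
        domain = acct["email"].rsplit("@", 1)[1].lower()
        exp = expiries.get(domain)
        if exp is None:
            status = "UNTRACKED"  # no expiry data: a lapse cannot be ruled out
        elif exp <= now:
            status = "EXPIRED"    # anyone may re-register and receive its mail
        elif exp - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        findings.append((acct["service"], domain, status))
    return findings

if __name__ == "__main__":
    now = datetime(2021, 2, 1, tzinfo=timezone.utc)  # constructed "today"
    for service, domain, status in audit(RDAP_SAMPLE, ACCOUNTS, now):
        print(f"{status:9} {service:18} {domain}")
```

Accounts flagged EXPIRED or UNTRACKED are the ones to re-point at a domain you control before anything else.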

Seeing the irony, Brian Krebs re-cycles the story—“WeLeakInfo Leaked Customer Payment Info”:

 WeLeakInfo.com [was] a wildly popular service. [It] was the largest of several services selling access to hacked passwords.

It was a fantastic tool for launching targeted attacks against people. [But] in an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers.

It’s been a tough few months for denizens of various hacking forums, which are finding themselves on the defensive end of a great many attacks testing [their] operational security lately. [And] services like WeLeakInfo can just as easily be used against cybercriminals as by them.

Whoa. I think Gravis Zero speaks for many:

 WeLeakInfo? … Now that’s honest advertising!

And Adam Rawnsley—@arawnsley—calls it “Breachception”:

 Breach aggregator sells access to hacked user account info. Gets hacked and someone dumps the user account info of people buying user account info.

So that’s 24,000 people looking over their shoulders? rtb61 explains why:

 Every person on that list will now be flagged for investigation—and not just by local and federal investigations, but also by tax regulators (because those kinds of identity borrowers don’t pay their taxes on their not-legal income).

And Troy “Have I Been Pwned” Hunt gives them a heads-up:

 Just sent notifications to ~1,000 … subscribers, which is a massively high percentage of the breach (it’s usually about 1%). Gonna be some nervous people know that their personal info and purchase history is against this one.

However, here’s a big ol’ ACKCHYUALLY from pjt33:

 The headline is very misleading. The people behind the site didn’t leak their own customer details: a random fifth party did (where the first and second parties are the site and the customer, the third party is the online payment system Stripe, and the fourth party is the FBI, which seized the domain and then let it go).

Meanwhile, ****ed laughs uneasily:

 lol i am so screwed i was literally 12 when i made a wli account.

And Finally:

There’s a reason it says “Do Not Eat” on those little packets


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Thomas Bjornstad (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
