Site icon Panda Security Mediacenter

Personal information of 24,000 WeLeakInfo customers leaked online

Until early 2020, WeLeakInfo was a website that was openly selling stolen data information of billions of people. In January last year, the FBI raided the illegal operation and seized the website. At the time, the website was a widely popular service for everyone interested in obtaining stolen data credentials. It is believed that the number of stolen data records offered on the now-defunct website was upwards of 12 billion.

During its active years, the illegal online service was openly selling information such as real names, usernames, passwords, and physical addresses, among other sensitive information types. The website’s termination was a major success for the FBI and other government agencies from Germany, UK, and Northern Ireland.

In an ironic turn of events, details of approximately 24,000 WeLeakInfo customers who purchased stolen information from the website have now leaked online and appear to be up for grabs on the dark web. The details of anyone who has made a purchase with a credit card using Stripe are likely in this database. With the general advancement of technology and tracking techniques used by government agencies, this might be a case where hunters become prey as the cybercriminals who purchased illegal databases are the ones who are exposed and vulnerable now.

A person who kept an eye on the website domain name expiration date managed to register the domain’s payment site after the FBI failed to renew it. With the gained access, resetting the WeLeakInfo account on stripe.com was a relatively easy task. It took the user only a few clicks to get all the data associated with nearly 25,000 customers. The leaked information of those who purchased from the site includes full names, partial credit card information, browser user agent string data, phone numbers, email addresses, amounts paid, and IP addresses. According to the person with access to WeLeakInfo’s stripe account, people who used cryptocurrency or PayPal to make purchases on the defunct website are not included in this list and are safe… for now.

Who might be interested in such information? There are a lot of parties who might want to take peek at the list. That includes law enforcement agencies located in the mainly affected countries, hackers who believe their credentials might be on the list and want a head start, or cybercriminals who have the tools to connect the dots and use the information to blackmail the parties who purchased stolen data.

Everyone makes mistakes, and even hackers sometimes fail to cover their digital prints, which can haunt them for decades. The more digital prints people leave, the more likely it is for others to find one way or another to judge them for their actions. Remember that one day, your digital actions, such as your activity on social media websites, might end up in the hands of hackers or the woke crowd. Instead of hoping you are on the right side of history when the time comes, making sure your connection to the internet remains as private as possible. This might end up being one of the best decisions you’ve made in 2021.

Exit mobile version