Credit card information, addresses, phone numbers, IP addresses, etc. of 24,000 people who purchased personal information on illegal sites leaked


by

Nicola Albertini

Personal information such as the addresses, credit card information, phone numbers, and IP addresses of 24,000 people who illegally purchased data using the personal information trading site 'WeLeakInfo' will be sold on the online forum. did.

Hacker on hacker crime: personal information of 24,000 illegal data buyers leaked online | CyberNews
https://cybernews.com/security/hacker-on-hacker-crime-personal-information-of-24000-illegal-data-buyers-put-for-sale-online/

WeLeakInfo Leaked Customer Payment Info — Krebs on Security
https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/

WeLeakInfo is a website that sold about 12 billion pieces of personal information collected by more than 10,000 data breaches. In January 2020, the US Department of Justice arrested two WeLeakInfo operators, and the WeLeakInfo domain was seized by authorities.

The dark site that sold 12 billion passwords is arrested by the international police --GIGAZINE



WeLeakInfo can be used at a low price such as '24-hour access is $ 2 (about 220 yen)', '1 week access is $ 7 (about 770 yen)', and '1 month access is $ 25 (about 2700 yen)'. Since it can display the associated password and the email address related to the password, it was a convenient tool for cyber attacks on individuals.



WeLeakInfo was seized by the authorities, but the domain registration expired within the seized period. According to a post on a data leak forum called Raidforums, a user named 'pompompurin' who noticed the domain expired newly registered the domain and reset the password of the Stripe account associated with the operator of WeLeakInfo. He said he did.



This gives you access to all the data of the person who paid with Stripe when using WeLeakInfo. However, the data of people who used Bitcoin or PayPal for payment is not accessed.

When Flashpoint, a cyber security company, receives a copy of the data from Pompom Pudding, it contains personal information such as credit card information, email address, name, IP address, browser user agent string, address, phone number, and fees paid. Was there. It was also found that WeLeakInfo had sold around £ 100,000 from 24,603 customers in less than a year.

Pompompurin has sold WeLeak Info customer information by compressing the following data into a ZIP file on the forum.



CyberNews , which publishes security-related information, cautions that if you leave an expired domain unattended, you may be able to access the accounts associated with that domain.

in Security, Posted by darkhorse_log