A database containing sensitive information of more than 10,000 customers of the now-closed online service WeLeakInfo has been put up for sale on a popular hacker forum.
The user selling the leaked information obtained it by registering one of the domains that used to belong to WeLeakInfo, then using an email address on that domain to access WeLeakInfo’s Stripe account and the details of 10,000+ of its customers.
WeLeakInfo.com was a data breach notification service: various customers, both companies and individuals, used it to see if their credentials had been compromised in data breaches.
But it was shut down in early 2020, in a joint operation by the FBI, the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland that resulted in the seizure of the WeLeakInfo.com domain.
Then, security experts from Cyble noticed that a member of a hacking forum claimed to have bought one of the old WeLeakInfo domains – wli.design – on March 11, 2021.
The actor explained in a post on a hacker forum that they created an email address for the domain and used it to access WeLeakInfo’s account on Stripe, a popular payment service. This allowed the actor to access the personal details of more than 10,000 former WeLeakInfo customers.
The forum user is now selling this highly sensitive information, which includes full names, IP addresses, street addresses, and phone numbers, for about $2.
“For the customers who used their real names and personal payment accounts to make the illegal purchases, this leak, if genuine, is tantamount to doxxing,” reads the post published by Cyble.
“Upon access to WeLeakInfo’s Stripe account, the actor allegedly gained access to their customers’ details (including email, address, partial card details, purchase history and others). One of the files leaked by the actor, named “top_customers.csv,” includes a total of 100 personal and “maybe professional” email addresses, while another file includes buyers’ addresses and partial details of their credit cards,” the report reads.
The information found in the WeLeakData archive could end up in the hands of bad actors, who could later use it for blackmail, extortion, and social engineering.