- A set of three data packs totaling more than 200 million records appeared on the dark web.
- The listings have been added by the same actor on two different popular dark web forums.
- The data on the packs appears to be valid and fresh, so the breaches must be fairly recent.
Cyble’s dark web monitoring tools have caught three new interesting listings on a popular cybercrime forum, all concerning Chinese citizens. The first one is a data pack containing the sensitive details of roughly 7.3 million people from the Hubei province in China. The actor has offered a sample of 999 citizens to serve as proof for the validity of the data.
The second one is a listing of 41.8 million records that appear to come from the Weibo platform, a Chinese microblogging website. And thirdly, there are a whopping 192 million records deriving from a compromise of the QQ instant messaging platform, a project belonging to the Chinese tech giant Tencent.
In the first case, and based on the analysis of the sample data, the researchers found the following details in the pack:
- User ID
- Full Name
- Date of Birth
- Mobile Number
- Home Address
- Code number
In the Weibo pack, there’s the Weibo user ID and the respective mobile phone number. As for QQ, the user number (QQ number) and the phone number are included, again in CSV format. Whether or not the seller was involved in the hacks that resulted in stealing this data is unknown, but in all three cases, it’s the same user who has uploaded the data.
The obvious risk that arises from the above is SMS spamming or phishing, so if you’re using any of the three platforms mentioned above, beware. The fact that names and mobile phone numbers have leaked also makes it possible for SIM swapping actors to act in a more targeted manner, which is another reminder of why you should use dedicated phone numbers for 2FA security. And finally, the home address leak in the first case makes the arrival of phishing mail via post possible.
Back in March, we saw a massive 538 million Weibo user records appearing on the dark web, which contained a lot more than what has leaked now. It is possible that the new listing is just a reduced repack of the previous leak, but it is unlikely. If this is indeed a new leak, it is yet another security lapse in less than a year for the popular Chinese social media platform.