- The PII of users who bought credentials from ‘WeLeakInfo’ using Stripe are now exposed.
- The seller of the ZIP claims to have taken control of the domain that was seized last year by the FBI.
- The number of exposed individuals reached up to 24,000, and the details are rich.
‘WeLeakInfo.com’ was seized by the FBI back in January 2020, and at the end of the year, 21 users of the platform who bought data from it were arrested and charged in the UK. Now, over a year after the events that essentially finished the leaked credentials selling platform, someone is selling the personal information of 24,603 users of WeLeakInfo. This is obviously catastrophic for those hackers, as it could result in their legal prosecution.
The sale is taking place on a hacker forum, and the ZIP archive contains the following information:
- Full names
- Partial credit card data
- Transaction dates and their Stripe reference numbers
- Currencies and amounts paid for stolen data
- Email addresses
- IP addresses
- User Agents (used to identify the browser/device used by the customer)
- Physical/Street addresses
- Phone numbers
- Various screenshots of the stripe.com account that received a total of £100,000
Because WeLeakInfo was accepting payments via Stripe, too, some users of the platform gave away their real identities to buy stuff from it. Possibly, they thought that WeLeakInfo wasn’t illegal as it was reselling information that had already been leaked elsewhere. That said, the users who bought credentials using BTC or PayPal aren’t included in this pack.
The ZIP that exposes those 24,000 WeLeakInfo users is being sold for as low as $2 in crypto. The seller claims that the FBI forgot to renew the seized domain of weleakinfo.com, which became available for re-registration and subsequent data extraction.
What is weird here is that the FBI could have done the same, but they either chose not to prosecute these people, or they just didn’t dig into the matter as much as they could have.
Whatever the case, it is important to remember that buying data obtained illegally can get you into trouble. It doesn’t matter if it’s already available elsewhere or if the seller claims that there’s nothing illegal going on. And finally, this works as another example of the dangers of having your sensitive data stored on shady databases of platforms whose admins don’t care to ever delete anything.