Criminal data breach site WeLeakInfo just leaked customer payment details

Personal information of 24,000 users who purchased stolen data is now being sold online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Thousands of customers with the now-defunct illegal online service WeLeakInfo have had their details leaked on a popularhacking forum

A database which contains highly sensitive information on more than 24,000 WeLeakInfo customers in a ZIP archive was discovered online.

As reported byCyberNews, the forum user is now selling highly sensitive information of former WeLeakInfo customers that made their illicit purchases usingStripe. The data available for sale includes their full names, IP addresses, addresses, partial credit card data, transaction dates, Stripe reference numbers and phone numbers for around $2 in virtual forum currency.

Before it wasshut down by the FBIin January 2020, WeLeakInfo sold access to stolen information scraped from over 10,000data breaches. In total, the site contained 12 billion indexed user credentials that included names, usernames, email addresses and passwords for online accounts.

However, customers that made purchases from WeLeakInfo usingPayPalorBitcoinare “all good” according to the forum user as their information is not included in the leak.

WeLeakInfo customer data

The forum user selling the WeLeakInfo archive claims that the FBI may have missed a spot when it seized the site’s original domain as there was a separate domain associated with the service that was used toprocess paymentsfor those who bought stolen data via Stripe.

WeLeakInfo’s payment site was not allowed to expire in March of this year and as a result, anyone could have claimed the domain as their own which is exactly what the hacking forum user did. They claim they were able to perform a password reset against the Stripe account that was associated with the two owners of WeLeakInfo and gain access to all of the data from the website. During its time in of operation which lasted for less than a year, the site was able to accumulate a little over £100,000 ($138k) from 24,603 customers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Judging from the data samples provided by the forum user, the age of the Stripe account owner is consistent with the information about the arrested owners of WeLeakInfo, according toCyberNews. The information contained in the WeLeakInfo database could be used by law enforcement to arrest those who previously purchased stolen data but it could also be used by other cybercriminals to launchextortionorblackmailattacks.

If you’re concerned that your credentials may have leaked online following a data breach, you can always useCyberNews’personal data leak checkerto search through its library of over 15bn breached records.

ViaCyberNews

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’