Criminal data breach site WeLeakInfo just leaked customer payment details

Data Breach
(Image credit: Shutterstock)

Thousands of customers with the now-defunct illegal online service WeLeakInfo have had their details leaked on a popular hacking forum 

A database which contains highly sensitive information on more than 24,000 WeLeakInfo customers in a ZIP archive was discovered online.

As reported by CyberNews, the forum user is now selling highly sensitive information of former WeLeakInfo customers that made their illicit purchases using Stripe. The data available for sale includes their full names, IP addresses, addresses, partial credit card data, transaction dates, Stripe reference numbers and phone numbers for around $2 in virtual forum currency.

Before it was shut down by the FBI in January 2020, WeLeakInfo sold access to stolen information scraped from over 10,000 data breaches. In total, the site contained 12 billion indexed user credentials that included names, usernames, email addresses and passwords for online accounts.

However, customers that made purchases from WeLeakInfo using PayPal or Bitcoin are “all good” according to the forum user as their information is not included in the leak.

WeLeakInfo customer data

The forum user selling the WeLeakInfo archive claims that the FBI may have missed a spot when it seized the site's original domain as there was a separate domain associated with the service that was used to process payments for those who bought stolen data via Stripe.

WeLeakInfo's payment site was not allowed to expire in March of this year and as a result, anyone could have claimed the domain as their own which is exactly what the hacking forum user did. They claim they were able to perform a password reset against the Stripe account that was associated with the two owners of WeLeakInfo and gain access to all of the data from the website. During its time in of operation which lasted for less than a year, the site was able to accumulate a little over £100,000 ($138k) from 24,603 customers. 

Judging from the data samples provided by the forum user, the age of the Stripe account owner is consistent with the information about the arrested owners of WeLeakInfo, according to CyberNews. The information contained in the WeLeakInfo database could be used by law enforcement to arrest those who previously purchased stolen data but it could also be used by other cybercriminals to launch extortion or blackmail attacks.

If you're concerned that your credentials may have leaked online following a data breach, you can always use CyberNews' personal data leak checker to search through its library of over 15bn breached records.

Via CyberNews

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Representational image of data security
Travel data of almost 500,000 users exposed in Daytrip leak
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Security
American National Insurance Company breach data found online
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Data leak
Popular online bill paying site leaks data of thousands of users
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before