Thousands of customers of the now-defunct illegal online service WeLeakInfo have had their contact details leaked on a popular hacking forum

A database containing highly sensitive information on over 24,000 WeLeakInfo customers in a ZIP archive has been discovered online.

As reported by CyberNews, the forum user is now selling highly sensitive information from former WeLeakInfo customers who made their illicit purchases using Stripe. Data available for sale includes their full names, IP addresses, addresses, partial credit card data, transaction dates, Stripe reference numbers, and phone numbers for approximately $ 2 in virtual forum currency.

Before its shutdown by the FBI in January 2020, WeLeakInfo sold access to stolen information recovered from more than 10,000 data breaches. In total, the site contained 12 billion indexed user IDs that included names, usernames, email addresses and passwords for online accounts.

However, customers who have made purchases from WeLeakInfo using PayPal or Bitcoin are “all good” according to the forum user because their information is not included in the leak.

WeLeakInfo customer data

Forum user selling WeLeakInfo archives claims that the FBI may have missed a spot when they entered the site’s original domain because there was a separate domain associated with the service that was used to process payments for those who have purchased stolen data through Stripe.

WeLeakInfo’s payment site was not allowed to expire in March of this year, and as a result, anyone could have claimed the domain as their own, which is exactly what the forum user said. hacking did. They claim that they were able to reset the Stripe account password associated with the two WeLeakInfo owners and gain access to all data on the website. During its period of operation which lasted less than a year, the site was able to accumulate just over £ 100,000 ($ 138,000) from 24,603 customers.

Judging from the sample data provided by the forum user, the age of the Stripe account owner is consistent with the information on the arrested owners of WeLeakInfo, according to CyberNews. The information in the WeLeakInfo database could be used by law enforcement to arrest those who previously purchased stolen data, but it could also be used by other cybercriminals to launch extortion or extortion attacks. blackmail.

If you are concerned that your credentials may be disclosed online as a result of a data breach, you can always use CyberNews‘personal data leak checker to search its library for over 15 billion broken records.

Via CyberNews