The personal details of more than 538 million users of Chinese social network Weibo are put up for sale online.
Hackers have posted ads on the dark web and other places claiming to have breached Weibo in mid-2019 and obtained a heap of the company’s user database.
The database contains the personal details for 538 million Weibo users which includes name, usernames, gender, location, and also phone numbers of 172 million users.
However, passwords were not included, and this might be the reason the hacker has put up the data for sale for just ¥1,799 ($250).
The company has made statement to Chinese media regarding the issue which is rather confusing.
According to a statement sent to Chinese site 36kr and many others, the company claims the phone numbers were obtained at the end of 2018 when its engineers tried to match accounts with their phone numbers, they found some user accounts uploading large batches of contacts.
The Chinese security experts pointed out technical abnormality with the company’s response. This is because the hacker’s ad indicated that the data came from an SQL database dump, which did not match the company’s explanation that the data was obtained by matching contacts against its API.
Also, the company’s statement doesn’t explain how the hacker got other details like gender and location, information which is not public, nor returned by the API when matching contacts.
The hacker, who in some ads was named “@weibo,” also provided samples of the data, which was confirmed accurate by the Weibo users.
The company stated that they have notified authorities regarding the incident and that investigation process is going on.