The Chinese social media giant saw a massive data breach result in data from millions of users available for sale on the dark web.
According to a March 19 report by Chinese blockchain news channel Jinse, basic account information of 172 million users was available, priced at 0.177 BTC. Account information offered for sale included user ID, number of Weibo posts, number of fans and followers, gender and geographic location.
According to Jinse, Weibo security director Luo Shiyao responded to the incident in a now-deleted post, explaining that:
“Users’ mobile phone numbers have been leaked due to forced matching with an address book API in 2019. The rest of the public information has been deleted on the Internet.”
Luo added that the company took immediate action to shut down the API and reported the leak to the policy as soon as they discovered it. He claimed the company made every effort to find those responsible. He added that:
“User privacy is crucial, especially when it comes to mobile phone numbers.”
Jinse also reported on a post from former Ali Group Security Research Lab’s director saying:
“Many people’s cell phone numbers have been leaked. All you need is the Weibo account address and the user’s phone number is revealed. “
Both the Weibo security director and the former director of the Ali group lab removed these posts later, Jinse said.
A similar incident happened with social media giant Facebook. In September, 17% of Facebook’s 2.4 billion users saw their data.
In that case, a database of information from 419 million Facebook accounts, including names, phone numbers, gender and country of residence, could be downloaded.