Chinese social media giant saw a massive data breach result in data of millions of users available for sale on the dark web.
According to a March 19 report from Chinese blockchain news outlet Jinse, basic account information of 172 million users was available, priced at 0.177 BTC. The account information for sale included user ID, number of Weibo posts, number of fans and followers, gender and geographical location.
Weibo confirmed the privacy issue yet deleted the post later on
According to Jinse, Weibo’s security director Luo Shiyao responded to the incident in a now-deleted post, explaining that:
“Users' mobile phone numbers were leaked through forced matching with an address book API in 2019. The rest of the public information was scraped on the web.”
Luo added that the company took immediate measures to shut down the API and reported the leak to the policy as soon as they detected it. He claimed the company was doing everything they can to find those responsible. He added that:
“User privacy is crucial, especially when it comes to mobile phone numbers."
Jinse also reported on a post from former director of Ali Group Security Research Lab’s that said:
“Many people’s mobile phone numbers have been leaked. All you need is the Weibo account address and the user's phone number is revealed.”
Both Weibo security director and former Ali group lab director later deleted these posts, according to Jinse.
Privacy issue continues to be a concern for social media users
As Cointelegraph reported, a similar incident happened to social media giant Facebook. In September, 17% of Facebook’s 2.4 billion users had their data exposed.
In that instance, a database of information from 419 million Facebook accounts including names, phone numbers, gender and country of residence became available for download.