Journalists of the publication Zdnet reported that 538 million users of the Weibo Chinese social network appeared on the darknet, including name, username, gender, location, and phone numbers for 172 million users.
The seller claims that he hacked Weibo back in mid-2019 and received a dump of the company's user database. The passwords as a result of this hack were not stolen, and therefore the hacker sells information for only 1,799 yen (approximately $ 250).
Weibo representatives have already commented on the situation by the Chinese media, and also published on the official website statement. So, the press was informed that these phone numbers were received at the end of 2018, when Weibo engineers watched as a number of accounts download large packages of contacts, in an attempt to match these accounts with their corresponding phone numbers. And in a separate statement, the company says that it does not store passwords in unencrypted form at all, so users have nothing to worry about. It is also known that law enforcement authorities have already been informed of the incident, and the police are conducting an investigation.
However, a number of information security experts indicate strange inconsistencies in the company's responses. For example, judging by the hacker’s announcement, the data was obtained from a SQL database dump, although Weibo representatives say that phone numbers were determined by matching contacts with the company’s API. Also, this version does not explain how the cracker gained access to other information, including user location data. This information is not publicly available and it cannot be retrieved from the API.