D2
Администратор
- Регистрация
- 19 Фев 2025
- Сообщения
- 4,380
- Реакции
- 0
In the best example of karma that the internet can provide, private information from several cybercriminals who bought leaked data on the WeLeakInfo website ended up, themselves, exposed on the world wide web. And an FBI waver may have been the trigger for that.
In January 2020, the WeLeakInfo domain was seized by the FBI. The forum was a point well known as a repository of information stolen from people, and several hackers in the world maintained accounts open in it to buy said information.
After the FBI's apprehension, however, an unidentified hacker said that US federal officials were not very diligent in closing the forum. According to him, the site had a separate domain, used only for payment processing through the company Stripe.
As a result, this second domain won in March, allowing anyone to redeem it on their behalf, assuming authority over it. And that’s what that person did. After performing a simple password reset process associated with the Stripe account, he was able to access all data from cybercriminals who made some payment to WeLeakInfo through the processing platform - including the two owners of the forum before it was taken over by the FBI.
Over 12 billion credentials
According to Cyber News, the information obtained now is what should be called a "double-edged sword": on the one hand, it can be used by investigative authorities to obtain greater evidence against all prisoners at the close of WeLeakInfo. On the other hand, by making the database available to the public, other cybercriminals can also access it and practice fraud or extortion, causing even more security breaches.
However, users who made their purchases via PayPal or bitcoin escaped this leak, as neither system uses Stripe's structure to process payments made.
Before its closure, WeLeakInfo, which was less than a year old, sold access to stolen information that was gathered from approximately 10,000 database breaches. In total numbers, the site contained 12 billion access credentials from a variety of platforms, including full and usernames, email addresses and passwords and, in some cases, credit card numbers and access to third-party accounts on platforms. e-commerce.
In January 2020, the WeLeakInfo domain was seized by the FBI. The forum was a point well known as a repository of information stolen from people, and several hackers in the world maintained accounts open in it to buy said information.
After the FBI's apprehension, however, an unidentified hacker said that US federal officials were not very diligent in closing the forum. According to him, the site had a separate domain, used only for payment processing through the company Stripe.
As a result, this second domain won in March, allowing anyone to redeem it on their behalf, assuming authority over it. And that’s what that person did. After performing a simple password reset process associated with the Stripe account, he was able to access all data from cybercriminals who made some payment to WeLeakInfo through the processing platform - including the two owners of the forum before it was taken over by the FBI.
Over 12 billion credentials
According to Cyber News, the information obtained now is what should be called a "double-edged sword": on the one hand, it can be used by investigative authorities to obtain greater evidence against all prisoners at the close of WeLeakInfo. On the other hand, by making the database available to the public, other cybercriminals can also access it and practice fraud or extortion, causing even more security breaches.
However, users who made their purchases via PayPal or bitcoin escaped this leak, as neither system uses Stripe's structure to process payments made.
Before its closure, WeLeakInfo, which was less than a year old, sold access to stolen information that was gathered from approximately 10,000 database breaches. In total numbers, the site contained 12 billion access credentials from a variety of platforms, including full and usernames, email addresses and passwords and, in some cases, credit card numbers and access to third-party accounts on platforms. e-commerce.