Payment Card Data Leaked from Seized WeLeakInfo Website

In January 2020, the FBI seized the internet domain WeLeakInfo[.]com. The website served as a breach notification service, similar to HaveIBeenPwned, with one key difference: WeLeakInfo granted subscribers access to cleartext passwords leaked through breaches, not just for that subscriber’s own company or email accounts, but for other people’s passwords, too.

Now, a threat actor has posted the payment data of WeLeakInfo subscribers to RaidForums, where anyone can download the data for 8 credits, a payment system used by the website. The threat actor noted in the post that they managed to hack the “stripe” account used by the website when it was still active. Cyber-security firm Cyble shared samples of the stolen data with Bleeping Computer and told them there were approximately 10,000 unique customers included. The data included spreadsheets containing information such as email addresses, names, billing addresses, the last four digits and expiration dates of credit cards, IP addresses, order history, and phone numbers.

Analyst Notes

Analysis of the data shows that many of the companies included in the breach were cybersecurity companies using the website as part of their service. Though the website was shut down a year ago, it is still important that anyone who had an account, whether an individual or a corporation, ensure that the credit card they currently use is not one that was used on the website. Anyone whose data was exposed should also be aware of possible extortion attempts or phishing email messages that use the WeLeakInfo[.]com customer list information as part of the threat or lure.
