WeLeakInfo was a data breach site that sold paid subscriptions giving users access to a searchable database of stolen records. The now-defunct site contained 12.5 billion records that were illegally obtained through various means, including names, phone numbers, addresses, passwords, and email addresses.
Cybercriminals used the site as a resource when hacking corporate networks or running phishing campaigns to deploy ransomware or other threats. The FBI seized the WeLeakInfo domain in January 2020 as the result of an international law enforcement operation. The group comprised the FBI, the UK NCA, the Netherlands National Police Corps, the Police Service of Northern Ireland, and the German Bundeskriminalamt, quite a lineup. The seizure shut the site down and ended operations for the hackers.
Karma Came Knocking
Recently, archived payment processing data from WeLeakInfo was released on another hacking forum called RaidForums. It included the payment information that WeLeakInfo handled through Stripe. The records cost about $2.54 to obtain and were posted by a forum administrator, who found them in a data dump from when they themselves had used the service.
Apparently, the FBI had allowed the wli.design domain to expire, which made the WeLeakInfo data accessible. The new owner of the domain informed viewers that he or she “was able to register this domain and then reset the password on their stripe account, giving me full access to all customer information for people that paid via stripe”. Getting burned at your own game. The exposed information included account information and spreadsheets that contained customer lists, payment information, and invoices. Additionally, they found corporate data that included email addresses, names, credit card information, IP addresses, and other identifying information for close to 24,000 payments.
Some of the exposed information belonged to businesses that used the service; these were likely security companies using it to ward off future attacks. While illegally obtaining any information is not something we would support in any manner, the irony and humor of the hacker getting hacked are not lost on us in this case.