538 Million Weibo Records Are Sold on the Dark Web, 172 Million Phone Numbers Included
Having a social media account can help you share your everyday moments with your family and friends or catch up with what is happening in their lives. The downside of using social media platforms is that, while creating an account, you often end up sharing personal or even sensitive information. If you do not limit who can see your profile, your personal details could be available to anyone who comes across your account, including hackers. Worse, social media platforms hold valuable data on millions of users, which attracts hackers. Their efforts to breach social media websites have already paid off in the past. For example, Facebook experienced its biggest data breach back in 2018, when hackers managed to exploit a vulnerability in the company’s systems. Unfortunately, an even bigger data breach occurred recently, as Chinese hackers managed to obtain around 538 million records of Weibo users.
Weibo is a Chinese social media platform that is often compared to Twitter. It had nearly 500 million active users at the end of 2019 and it most likely has even more of them now. Of course, the platform’s reputation might have been damaged when it was revealed that the company experienced a huge data breach and that the stolen Weibo users’ data was sold online. Naturally, if you are using this social media platform, we invite you to read our full blog post, in which we discuss what happened during the Weibo data breach and what you should do if your data got exposed.
How did hackers obtain Weibo records?
The hacker who stole Weibo records claims that he obtained them during a data breach that took place in 2019. If this is true, it could mean that the company was unable to detect the breach until now or that it was hiding the incident from its customers for quite some time.
During the attack, the cybercriminal apparently got his hands on a database dump file that contained around 538 million Weibo users’ records. It is said that the file contained data like users’ real names, usernames, gender, and location. Plus, there were around 172 million phone numbers. Weibo owners claimed in Chinese media that none of the users’ passwords were stolen and that users should have nothing to worry about. However, we do not think that doing nothing would be smart, especially when it is known that Weibo users’ data is sold online and could be available to any cybercriminal who is willing to pay for it.
What to do if your data was exposed due to the Weibo data breach?
While usernames, locations, and similar details might not seem as sensitive as passwords, they could still be useful to cybercriminals. The fact that Weibo users’ data is sold on the dark web only proves it. Anything known about a user can help attackers figure out that user’s passwords if the passwords were built from personal details. Besides, hackers might be able to combine the data taken during the Weibo attack with information obtained during data breaches performed on different companies’ systems. Also, even though not all 538 million stolen records included phone numbers, a huge number of them did, and users whose phone numbers got compromised should definitely take extra precautions. Unlike a username, a phone number is a sensitive piece of information.
Secure your Weibo account
Even though cybersecurity specialists say that no passwords got exposed during the Weibo data breach, it is a good opportunity to replace your old password with a stronger one. Currently, it is advisable to use passcodes made from at least 12 characters. Plus, experts advise using both lower-case and upper-case letters, symbols, and numbers. Of course, even if your combination is long enough and made from various characters, it could still be weak if you use your name, date of birth, or any other information that hackers can find online. In other words, a strong password should be an entirely unique combination. To make this task easier, you could employ a dedicated password manager that could both generate complex passwords for your accounts and remember them for you. If you have never used such a tool, we recommend trying Cyclonis Password Manager, a tool that can offer even more useful functions.
Ensure that hackers cannot misuse your information
As we said earlier, hackers could use stolen information to figure out Weibo users’ passwords. Truth be told, they could also use it to guess the passwords of users’ other accounts, for example, passcodes of their email or different social media profiles. Therefore, if any of your passwords are based on your real name, location, or other details that might have been revealed during the Weibo data breach, we highly recommend replacing them as fast as possible.
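The password advice above (at least 12 characters, all four character types, nothing derived from exposed details) can be checked mechanically. The following is an added example, not part of the original article or of any product it mentions; the function names, field names and the sample record are constructed for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length the article advises
# Constructed sample record using the kinds of fields named in the article.
SAMPLE_PROFILE = {
    "real_name": "Lina Zhao",
    "username": "linaz_88",
    "location": "Chengdu",
    "phone": "+86 555 0100 4271",
}
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^0-9A-Za-z]",
}
# Common look-alike substitutions, so "L1n4" is still recognised as "lina".
FOLD = str.maketrans("013457@$!", "oieastasi")


def personal_tokens(profile):
    """Break exposed profile fields into lower-case tokens to search for."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[^0-9a-z]+", value.lower()):
            if len(part) >= 3 and not part.isdigit():
                tokens.add(part)
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.update({digits, digits[-4:]})  # full number and last four
    return tokens


def audit_password(password, profile):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append("no " + name)
    lowered = password.lower()
    folded = lowered.translate(FOLD)
    for token in sorted(personal_tokens(profile)):
        if token in lowered or token in folded:
            findings.append("contains exposed detail: " + token)
    return findings
```

Calling `audit_password("Chengdu4271!", SAMPLE_PROFILE)` shows why length and character variety alone are not enough: the password meets both rules yet is flagged for containing the location and the last four digits of the phone number.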
As for users whose phone numbers got revealed, we recommend keeping in mind that they could be misused in various ways. Thus, users who do not want to change their numbers should be extra careful from now on. A phone number could be used for various scams, so you should watch out for messages from unknown senders. Even if a message claims that it is from a reputable company, we advise finding a way to confirm it before you do what it asks of you. Also, if hackers know that your accounts are protected with two-factor authentication, they could use your phone number to bypass two-step verification and hack your accounts.
All in all, while it is shocking how much information got compromised during the Weibo data breach, it does not mean that it will get misused if victims of the breach stay alert and take safety precautions. Hopefully, the social media platform’s creators will put more effort into securing their systems as well as create more safety features to help their users secure their accounts. Also, we hope that the event will be a wake-up call to users of different social media platforms too. You cannot control what data gets exposed during a data breach, but you can limit the information available on your account and, as said earlier, there are always ways to ensure that hackers will not gain much from your personal and sensitive data.