[BreachExchange] WeLeakInfo's Customer Records Leaked

Destry Winant destry at riskbasedsecurity.com
Wed Mar 17 10:24:32 EDT 2021 

https://www.ehackingnews.com/2021/03/weleakinfos-customer-records-leaked.html

WeLeakInfo.com was an information breach notification service that was
permitting its clients to check if their credentials have been
compromised in information breaches. The service was guaranteeing a
database of more than 12 billion records from over 10,000 data
breaches. In mid-2020, a joint operation directed by the FBI in
coordination with the UK NCA, the Netherlands National uPolice Corps,
the German Bundeskriminalamt, and the Police Service of Northern
Ireland resulted in the seizure of the WeLeakInfo.com domain.

The U.S. Department of Justice in January declared that it seized
weleakinfo.com, which existed since 2017. The site sold different
subscription levels, making it workable for scammers to access and
look through the database. Two 22-year old men,, one in the
Netherlands and the other in Northern Ireland, were arrested in
connection with running the site, as per the Dutch media source Nu.nl.

The site additionally vowed to alert members if their own data was
stolen and uploaded to the database, with a feature called “Asset
Monitoring.” “Get notified when your information is detected in a data
breach,” the sales pitch said, according to an archived version of the
homepage. “Stay one step ahead of hackers.”

Weleakinfo, and other sites like it, basically work as a noxious
variant of HaveIBeenPwned, a database where guests can check if their
data has been compromised. HaveIBeenPwned permits clients to decide
whether an email address has been included for different information
breaches.

Security specialists from Cyble saw that a member from a hacking forum
professed to have registered in one of the domains of WeLeakInfo,,
wli.design, which was enlisted again on March 11 2021. At that point,
the actor made an email address for the domain and utilized it to get
to the account of the cybercrime group registered on the payment
service Stripe. The admittance to the Stripe account permitted the
actor to get to clients' details, including email, address, partial
card details, and purchase history.

“The WeLeakInfo operators allegedly used the domain’s email address
for payments via Stripe, the actor claimed. The actor claimed to have
registered the domain and then created an email address on the
registered domain used in their Stripe account gaining access to
WeLeakInfo customers details.” reads the post published by Cyble.

More information about the BreachExchange mailing list