A month after hacker forum WeLeakData.com was shuttered, the content of its database, including hackers’ private messages, is for sale on the dark web.
Noting claims that the FBI seized the forum, resulting in its closure, are unsupported, researchers at Cyble who identified and verified the database leak said, “After a brief time of being offline, allegedly, the site was sold to a new member of the forum, and came back online.” About the same time they observed “a new fork cracking site – leaksmarket.com which was strikingly the same site (operated by a new actor with no credibility), with all the same content,” leading them to believe the original WeLeakData database either had been compromised or rebranded by the original owner. “However, when they came back online in April, the second hypothesis got nulled, and we then had a high degree of the confidence level of a data breach, at one of the largest cracking communities itself,” researchers said in a blog post.
WeLeakData.com, which researchers referred to as a well-managed forum competitive with RaidForums traded in leaked databases, using third-party e-commerce platform Shoppy to upgrade memberships.
When Cyble researchers first accessed the database from a dark web market seller in April, they found it contained information, such as email addresses, usernames, passwords, private messages and IP addresses, on the forum’s members, “mostly researchers, hackers, cybercriminals and crackers.”
On April 2020, Cyble researchers managed to gain access to the WeLeakData.com database from a darkweb market seller and identified several interesting aspects from the database file.
The database includes interesting information of its members, who are mostly researchers, hackers, cybercriminals and crackers.
The reputation of the forum is undoubtedly there and is seen as a competitor to RaidForums. The business model of the forum was quite straightforward- it was mainly a criminal forum that specializes in the trade of leaked databases and uses the third-party e-commerce platform Shoppy for membership upgrades
Saying “there is no honor among cyber thieves,” KnowBe4 Security Awareness Advocate Javvad Malik pointed out, “All credentials and private data such as chat data has some value, and the private conversations of WeLeakData proves no exception.” And the breach demonstrates that no data is safe.
“The biting irony of the situation aside, the serious takeaway is that no data is safe,” comforte AG Product Manager Trevor Morgan said. “Not even the data generated, collected, and stored by the people engaged in intrusion and data theft, by those who know intimately how defense tactics can be overcome for their own purposes (and potential gain).”
The WeLeakData.com breach, Malik said, “should be a reminder for all organizations of all sizes and nature, that they should invest into cybersecurity, because even data which they feel may be of little value, always has value to criminals.”