WeLeakInfo Leaked Customer Payment Info (krebsonsecurity.com) 14
A lapsed domain registration tied to WeLeakInfo, a wildly popular service that sold access to more than 12 billion usernames and passwords from thousands of hacked websites, "let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card," reports Krebs on Security. This comes after the service was seized a little over a year ago by the FBI and law enforcement partners overseas. From the report: In a post on the database leaking forum Raidforums, a regular contributor using the handle "pompompurin" said he stole the WeLeakInfo payment logs and other data after noticing the domain wli[.]design was no longer listed as registered. "Long story short: FBI let one of weleakinfo's domains expire that they used for the emails/payments," pompompurin wrote. "I registered that domain, & was able to [password] reset the stripe.com account & get all the Data. [It's] only from people that used stripe.com to checkout. If you used paypal or [bitcoin] ur all good."
Cyber threat intelligence firm Flashpoint obtained a copy of the data leaked by pompompurin, and said it includes partial credit card data, email addresses, full names, IP addresses, browser user agent string data, physical addresses, phone numbers, and amount paid. One forum member commented that they found their own payment data in the logs.
Cyber threat intelligence firm Flashpoint obtained a copy of the data leaked by pompompurin, and said it includes partial credit card data, email addresses, full names, IP addresses, browser user agent string data, physical addresses, phone numbers, and amount paid. One forum member commented that they found their own payment data in the logs.
WeLeakInfo? (Score:5, Funny)
Now that's honest advertising!
Re: (Score:2)
Best truth in advertising EVAR!!!
Re: (Score:2)
Unsurprisingly, the headline is very misleading. The people behind the site didn't leak their own customer details: a random fifth party did (where the first and second parties are the site and the customer, the third party is the online payment system Stripe, and the fourth party is the FBI, which seized the domain and then let it go).
Talk About Flagged (Score:2)
Every person on that list will now be flagged for investigation and not just by local and federal investigations but also by tax regulators (because those kinds of identity borrowers don't pay their taxes on their not legal income).
Re: (Score:2)
You don't think that already happened when the FBI seized the domain?
No hypocrisy for once. (Score:2)
Nice (Score:2)
Nice to see a website actually delivering on their promise.
Buying illegal things with a credit card (Score:3)
LMAO
Re: (Score:2)
I think the error might be in assuming that the names, addresses, and credit card details belong to, or are in any way related to, the person buying the dodgy 'goods'.
Re: (Score:2)
This is true.
that's rather illegal (Score:2)
"pompompurin" just publicly admitted hacking a payment acquirer.
That's stupid, prosecutable and entirely deserved if he does end up charged for it.
Re: (Score:2)
Indeed and his actions might be viewed by some inside the FBI as making them look bad, that is an even bigger no no - in terms of "asking for it"