Chinese social media giant Weibo has suffered from a data breach affecting 538 million users. In response, the Chinese government is stepping in.
Another day, another data breach. This one, however, is not your typical data breach. Chinese social media platform Weibo is the latest victim, with an estimated 538 million users impacted. These accounts have been put up for sale on the dark web.
From TechRadar:
Hackers have put up a database containing personal details of over 538 million Weibo users for sale on the dark web for just $238 or CNY 1,799.
The database contains personal information including names, Weibo IDs, number of posts, number of followers, gender and location and contact numbers for nearly 172 million of the affected users.
According to some reports, hackers were able to breach into the Chinese social media sometime during the middle of 2019.
It’s probably little surprise that this is pretty big news in China. The case is big enough to gain not just attention, but a response from the Chinese government. Officials are stepping in and pressuring the company to adopt better security standards. From CampaignAsia:
China’s Ministry of Industry and Information Technology (MIIT) has summoned officials of Sina Weibo to a meeting and then issued a statement admonishing the company to take appropriate measures following an alleged leak of more than 500 million user-data records.
In an official statement yesterday, the MIIT ordered Weibo to enhance its data-security measures to better protect personal information, as well as endeavour to notify users and authorities in the event that data-security incidents occur.
Last week, Wei Xingguo, Alibaba’s former security chief, claimed on Weibo that details about millions of Weibo users, including himself, were available for sale online. According to some netizens who investigated during the subsequent public outcry, basic information on 538 million Weibo users, including phone numbers and addresses, was circulating on the ‘dark web’. Wei’s post was eventually deleted.
The number, at the very least, is significant. We’ve grown accustomed to seeing data leaks and breaches that go into the millions and even tens of millions. Once you start getting into the hundreds of millions, you get into the realm of particularly notable security incidents. It’s rare that we see a breach or leak reach half a billion people. When we did our year-end special for our podcast, we counted down the top 10 security incidents, ranked by number of people affected, that we covered throughout 2019. In order to make it into the top 5, an incident had to exceed 540 million. This one is only 2 million users off of that. So, if this year matches last year in terms of large security incidents, this could very well become a top 5 security incident for 2020. We obviously can’t predict the future, but we can safely say this one could easily be a contender for one of 2020’s top 10 security incidents.
March has been quite interesting for security incidents so far. First was the Clearview AI breach. Things only went downhill from there with the leaks/breaches of Koodo, Virgin Media, Carnival Corp, TrueFire, possibly the US Census Bureau, and Advantage/Argus.
We can say that this is the largest one we’ve covered all month so far and we can only hope this is the worst this month will see. We can hope this is as bad as we’ll ever see all year, but we can’t really hold our breath on that one by any means.
Drew Wilson on Twitter: @icecube85 and Facebook.