It’s been a rough week for China’s Twitter-like social networking platform Weibo — not to mention for 538 million of its users (link in Chinese) whose personal data was apparently for sale online. The price tag for the data? Just $238 (1,799 yuan) to discover the names, Weibo IDs, numbers of followers and posts, genders, locations, and contact numbers of the 538 million users.
Thankfully, nobody appeared to have purchased the data before the breach was detected. Last week, Wèi Xīngguó 魏兴国, Alibaba’s former security chief, revealed that data on hundreds of millions of Weibo users was for sale on the dark web. Wei’s post has since been deleted, and the page on the dark web where the data was reportedly for sale showed a product volume of zero as of yesterday.
Amid public outcry over the massive data breach, the Ministry of Industry and Information Technology (MIIT), China’s technology and industry regulator, called Weibo’s representatives to a meeting in which MIIT demanded that Weibo improve data security, according to a statement (link in Chinese) on MIIT’s website.
How was the data extracted from the popular social media platform? Weibo’s statement on how the hackers accessed user data is, according to TechRadar, inconsistent. The company claims that the sensitive user information was stolen using an API, but some experts believe that the data includes details which are not typically shared using APIs.
Weibo has lodged a police complaint regarding the theft, and urged users to use different passwords for other platforms to boost security. Weibo also stated its commitment to improving the platform’s security. Yet many feel that the platform downplayed its role in the theft by suggesting that using the same password on different platforms puts users at greater risk for data breaches, seemingly placing blame on Weibo users rather than taking responsibility.