Threat groups that leak stolen databases are widespread across the dark web. One of them is the WeLeak Database group, which researchers from iZOOlogic have observed to remain active, in particular on its Telegram channel of over 12,000 subscribers.
The WeLeak Database group runs its Telegram channel to distribute large database dumps to the public and to its subscribers, and several of those dumps have recently become the subject of threat advisories. According to our dark web researchers, the group's leaks are collected from the hacking activities of numerous cybercriminal gangs and consolidated into a list on its Telegram channel for the public to see.
Initial observations from our researchers tie the Telegram user @GuntherMagnuson to the group as its owner. The link was evident from several paid online advertisements that connect that user account to the WeLeak Database group.
Some of the stolen databases leaked by the WeLeak Database group are free, while most are sold as premium purchases to the group's clients.
Furthermore, the group releases databases stolen from organisations in several regions worldwide, indicating that it does not focus on particular countries when choosing its victims.
One of the WeLeak Database group's data dump activities involved the domain registrar and web services provider Epik, in September last year. The hacktivist collective Anonymous had broken into Epik's servers and stolen a huge volume of its data. Research shows that a large share of Epik's customers were included in the dump, including WHOIS records containing 15,003,961 unique email addresses, full names, phone numbers, postal addresses, passwords, and other credentials.
Our researchers will continue to probe the dark web and monitor the malicious activities of threat groups such as WeLeak Database. People who actively share their information online must be cautious about such data leaks, since being compromised can lead to follow-on incidents such as scams, phishing, and identity theft. Anyone whose credentials appear in a dump of this kind should change the affected password, and the password of any other account where it was reused, without delay.