Understanding Weibo Data Breaches: Credential Stuffing, Database Dumping, and Data Laundering
The article explains the recent Weibo data breach, describing how attackers used credential‑stuffing (撞库), data leakage (漏水), database dumping (拖库) and data laundering (洗库) to obtain millions of user records, the technical steps involved, and the security implications for both users and platforms.
Recently a major security incident was reported on Weibo: a user claimed that many phone numbers had been exposed and could be linked to Weibo accounts; even the CEO’s number was reportedly leaked.
Weibo’s official explanation says the leaked data originated from a bulk phone‑number upload (contact‑matching) feature, through which millions of uploaded phone numbers were matched to account usernames.
Credential Stuffing (撞库) is when attackers collect leaked username‑password pairs from one site, build a dictionary, and try those credentials on other sites, exploiting users who reuse passwords. The article likens it to a thief stealing a keyring and trying each key on every door.
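From the defender's side, the telltale sign of credential stuffing is a single source trying many different usernames in a short time with mostly failed logins, since a real user forgets one password, not hundreds. The following is an added example (not code from the original article or from Weibo) that scans constructed authentication log lines in a hypothetical `<time> <ip> <user> <OK|FAIL>` format, applies a sliding time window per source IP, and reports sources whose behaviour matches that pattern together with any accounts that succeeded and therefore need a forced password reset; the thresholds are assumed and should be tuned to the platform's real traffic.

```python
"""Detect credential-stuffing patterns in authentication logs (added example).

Heuristic: within a short window, one source IP attempting many *distinct*
usernames with a low success ratio looks like an automated credential-stuffing
tool replaying a leaked username/password dictionary.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical "<ISO time> <ip> <user> <result>" format.
SAMPLE_LOG = """\
2020-03-20T10:00:01 203.0.113.7 alice FAIL
2020-03-20T10:00:02 203.0.113.7 bob FAIL
2020-03-20T10:00:02 203.0.113.7 carol FAIL
2020-03-20T10:00:03 203.0.113.7 dave OK
2020-03-20T10:00:03 203.0.113.7 erin FAIL
2020-03-20T10:00:04 203.0.113.7 frank FAIL
2020-03-20T10:00:05 203.0.113.7 grace FAIL
2020-03-20T10:00:01 198.51.100.9 alice FAIL
2020-03-20T10:00:09 198.51.100.9 alice FAIL
2020-03-20T10:00:20 198.51.100.9 alice OK
2020-03-20T10:05:00 192.0.2.44 heidi OK
"""


def parse_log(text):
    """Turn log text into (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=1),
                          min_users=5, max_success_ratio=0.5):
    """Return {ip: summary} for sources whose best window looks like stuffing.

    Thresholds are assumptions for this example: at least `min_users` distinct
    usernames inside `window`, and no more than `max_success_ratio` successes.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            window_evs = evs[start:end + 1]
            users = {u for _, u, _ in window_evs}
            successes = sum(1 for _, _, ok in window_evs if ok)
            ratio = successes / len(window_evs)
            if len(users) >= min_users and ratio <= max_success_ratio:
                summary = {
                    "distinct_users": len(users),
                    "attempts": len(window_evs),
                    "successes": successes,
                    # Accounts that accepted a replayed credential: reset these.
                    "compromised": sorted(u for _, u, ok in window_evs if ok),
                }
                # Keep the widest window seen for this source.
                if ip not in flagged or summary["distinct_users"] > flagged[ip]["distinct_users"]:
                    flagged[ip] = summary
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In the constructed sample, `203.0.113.7` tries seven different accounts in five seconds and gets one hit, so it is flagged and `dave` is listed for reset; `198.51.100.9` fails twice on one account before succeeding, which is ordinary user behaviour and is ignored. In production the same logic belongs on a per-source counter in the login path (or a SIEM rule) rather than a batch script, paired with rate limiting and a password-reuse check against known breach corpora.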
Data Leakage (漏水) refers to internal risks where companies fail to follow proper data‑isolation, permission‑layering, or encryption practices, leading to accidental exposure of sensitive information.
Database Dumping (拖库) originally means exporting data from a database, but in hacking it describes stealing an entire database after compromising a website. The typical steps are:
1. Scan the target site for vulnerabilities such as SQL injection or file‑upload flaws (the thief stakes out the house).
2. Install a webshell backdoor to gain server access (the thief finds a way inside).
3. Use the obtained privileges to download the database backup or export data (the thief makes off with the valuables).
Common web vulnerabilities—including unpatched application bugs, insecure server configurations, and exposed database endpoints—facilitate such attacks. Attackers may also plant webshells that later enable further data theft.
Data Laundering (洗库) describes the process after a breach where stolen user data is analyzed, packaged, and sold on underground markets. The article cites the sale of 538 million Weibo records, including IDs, follower counts, gender, location, and even passwords, for cryptocurrency.
Images illustrating each concept are included throughout the original article.