China's Ministry of Industry and Information Technology (MIIT) has summoned officials of Sina Weibo to a meeting and then issued a statement admonishing the company to take appropriate measures following an alleged leak of more than 500 million user-data records.
In an official statement yesterday, the MIIT ordered Weibo enhance its data-security measures to better protect personal information, as well as endeavour to notify users and authorities in the event that data-security incidents occur.
Last week, Wei Xingguo, Alibaba’s former security chief, claimed on Weibo that details about millions of Weibo users, including himself, were available for sale online. According to some netizens who investigated during the subsequent public outcry, basic information on 538 million Weibo users, including phone numbers and addresses, was circulating on the 'dark web'. Wei’s post was eventually deleted.
On Saturday, the day of the MIIT meeting, Sina Weibo issued its own statement, which acknowledged the data was being sold. The company stated that a hacker gathered publicly posted information by using a service meant to help users locate the Weibo accounts of friends by inputting their phone numbers. The company stated that no passwords were revealed, but said the Weibo accounts of users who reuse their passwords could still be vulnerable because the data could allow bad actors to associate their accounts with passwords revealed in data breaches on other platforms.
The company has strengthened its security strategy and reported the details to the judicial authority, it added.