A little over a year ago, the FBI seized the domain name WeLeakInfo.com, a rogue provider of hacked credentials.
At the time, WeLeakInfo claimed to provide its clients a searchable index of personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records.
It seems that wli.design, one of the domains used to handle the WeLeakInfo client data expired and dropped. Someone went ahead and re-registered it and proceeded with gaining access to the Stripe data for that account.
The data leaked includes partial credit card info, email addresses, full names, IP addresses, browser user agent string data, physical addresses, phone numbers, and amount paid by the numerous customers of WeLeakInfo. It’s ironic to see information leaked on those seeking to illegally obtain the personal data of others.
Investigative reporter, Brian Krebs, details the information on the incident here.