WeChat Password "Database Collision": Unemployed Man in Guangxi Finds Lost Phone, Launches Frenzy of Account Theft

WeChat Password "Database Collision": Unemployed Man in Guangxi Finds Lost Phone, Launches Frenzy of Account TheftIn 2022, Sheng, an unemployed man in Guangxi, unexpectedly found a phone without a screen lock password. He discovered that the owner's WeChat account was still logged in, and the account and password were saved in the Favorites section

WeChat Password "Database Collision": Unemployed Man in Guangxi Finds Lost Phone, Launches Frenzy of Account Theft

In 2022, Sheng, an unemployed man in Guangxi, unexpectedly found a phone without a screen lock password. He discovered that the owner's WeChat account was still logged in, and the account and password were saved in the Favorites section. Sheng tried logging in, and he was successful! Out of curiosity, he began "exploring" the WeChat account, finding that the owner's WeChat wallet was empty and no bank card was linked. However, he noticed that several of the owner's friends had WeChat IDs in the format of "letters + numbers," highly similar to the format of "name + birthday." Sheng had a sudden idea: could these WeChat IDs be their account passwords?

Like discovering a "new game," Sheng tried using this method to log into one of the owner's friends' WeChat accounts, and he succeeded! He then transferred money from the owner's WeChat account to his friend's account, discovering that the payment password was the same as the login password, and the transfer was successful. Since large transfers would trigger WeChat payment risk control, Sheng successfully transferred the remaining funds from the owner's WeChat account to his own account using multiple small transfers.

Tasting the sweetness of his success, Sheng began to select all users from the owner's WeChat friend list who appeared to have set their WeChat IDs as "name + birthday," and began to attempt to "crack" their login passwords and WeChat payment passwords one by one, repeatedly succeeding. He gradually became unsatisfied with obtaining WeChat friends from this single phone, and began to use these newly obtained accounts to continue "digging" for their friends, constantly expanding his range of "victims."

"From each WeChat account, I could steal about two new accounts, and then I would continue to try to steal friends from these two new accounts," Sheng confessed after his arrest. When the payment password did not match the login password, Sheng would also check the account's Favorites section for information, shopping orders, etc., to see if he could find any "valuable clues."

It was found that Sheng stole a total of more than 20 WeChat accounts, and he "cracked" the payment passwords for 13 of them. To avoid WeChat's risk control management, he purchased 11 phones to log into other people's WeChat accounts. Additionally, he would first transfer money from the target account to other WeChat accounts that he had stolen, and after multiple transfers, he would finally transfer them to his own account, achieving the goal of "safely" transferring funds.

To avoid being discovered by the account owners, Sheng mostly acted in the early hours of the morning. Although account owners would receive relevant risk warnings regarding "login from a different location," not everyone would notice after waking up. Those who did notice would immediately change their WeChat passwords, but some victims found that even after changing their WeChat passwords multiple times, the thief could still log into their accounts. Out of security concerns, most would choose to unlink their bank cards and abandon the accounts.

When asked about his method, Sheng confessed, "After cracking the password, I would bind my own verification information to the stolen account. If the account owner did not pay attention to abnormal reminders or relevant information, they would not unbind it, and I could continue to log in."

In August 2022, Sheng accidentally slipped up while chatting with Wen, his distant relative. Wen said that he was also short of money and wanted to work with Sheng. Sheng was afraid that Wen would expose him, so he reluctantly agreed to Wen's request. Wen then registered a WeChat account using his wife's identity information to help Sheng collect stolen funds and receive a commission.

One time, while shopping online, Sheng had a sudden idea: he could register an online store to transfer funds. He then conspired with Wen: Wen would register as a merchant on the shopping platform, set the prices, and list products. Sheng would then use the owner's WeChat account to pay and purchase the products, creating a fake transaction to transfer the money from the owner's WeChat account to Wen's registered merchant account.

"He would send a delivery order number for me to fill in on the order, and I would click 'Ship.' He would then use someone else's WeChat account linked to the shopping account to click 'Pay,' and the money would go to the shopping platform's account," Wen confessed. After the money was withdrawn, he would split it with Sheng according to their pre-agreed "70-30" split. After the two tried out this new money transfer method, they stole seven or eight times, until the account owner unlinked their shopping platform account, preventing them from continuing to transfer money using the "empty order" method.

In October 2023, Sheng and Wen were apprehended. On February 1, 2024, the case was transferred to the Taicang City People's Procuratorate in Jiangsu Province for review and prosecution.

"The case had hidden methods of committing the crime, the defendants did not have contact with the victims, and they did not even directly communicate. It was very difficult to investigate the case," said the person in charge of the case. To solidify the evidence, the Taicang City People's Procuratorate issued a "Request for Continued Investigation" to the public security organs regarding the flow of funds, whether the relevant WeChat accounts were held by Sheng, the location where the victims' WeChat accounts were logged in, and the model of the devices used, ensuring that the crimes could be effectively accused.

After investigation, it was found that Sheng had stolen a total of 147,000 yuan from the WeChat accounts of 13 victims, and Wen had helped Sheng receive, transfer, and withdraw stolen funds totaling 65,000 yuan, profiting 12,000 yuan. Sheng's stolen funds were all used for online gambling, online games, and personal daily expenses, while Wen had already returned all of his illegal gains.

On March 14, 2024, the Taicang City People's Procuratorate formally indicted Sheng and Wen for the crime of theft. On July 17, 2024, the court sentenced them to three years and six months and one year and eight months in prison, respectively, for the crime of theft.

This case once again reminds everyone:

• When setting up personal accounts, do not reveal information that is the same as or similar to your login password and payment password;

• Periodically check the risks associated with your login devices and bound information. If you find any abnormalities, delete the devices, change your binding information, and report it to the relevant platform customer service personnel. If necessary, promptly report it to the police.

Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])