Information including names, usernames, gender and location is up for sale on an online hacking forum for roughly $250, along with the phone numbers of 170 million users. Passwords were not included in the leaked dataset.
Following the breach, Weibo issued a statement explaining its engineers had identified accounts uploading large batches of contacts in late 2018, in an attempt to match them with phone numbers held in the database.
However, the statement contains a number of technical inaccuracies, suggesting the whole truth is yet to be revealed. According to security experts, Weibo's API does not provide information like gender or location.
Weibo says the police have been notified and an investigation is ongoing.
The Chinese state has a firm grip on the country's internet access and has a track record of successfully tracking down local hackers.
Two years ago, it took Chinese authorities only three weeks to identify the perpetrators of an attack on hotel syndicate Huazhu Group, whose data was breached and ended up for sale on the dark web.