Millions of Facebook Profiles For Sale

Researchers at cyber security firm Cyble recently discovered that over 500,000 Zoom accounts were being sold on the dark web and hacker forums at dirt-cheap prices.

Now, the same firm has revealed that hackers are selling over 267 million Facebook profiles for £500 ($623) on Dark Web sites and hacker forums. These personal details include their email, full name, last name, phone, Facebook ID, last connection, status, and age. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

Last month, the notable independent security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States. Many of these records contained a user's full name, their phone number, and a unique Facebook ID. The ISP hosting the database eventually took the server offline after being contacted by Diachenko.

A second server containing the same data plus an additional 42 million records was brought online but was hacked by unknown threat actors who left a message telling the owners to secure their servers. Of this new data, 16.8 million records included more information such as a Facebook user's email address, birth date, and gender.

It was not discovered who these servers belonged to, but Diachenko believed that they were owned by a criminal organisation that stole the data using the Facebook API before it was locked down or via scraping public profiles. Shortly after, the expert researchers at Cyble discovered a threat actor selling this database for £500 on the dark web and through hacking forums.
The database being sold does not contain Facebook account passwords, but it does contain email addresses and phone numbers for some users.

This could allow attackers to create spear-phishing campaigns that aim to steal your password using email campaigns or SMS texts that pretend to be from Facebook.

If the phishing emails contain information such as dates of birth and/or phone numbers, some users may be more prone to believe them and thus provide the attackers with the requested info. 

Cyble recommends users tighten their privacy settings on Facebook accounts and be cautious of unsolicited emails and text messages.

This is not the first time that Facebook user data has been breached and found on hacker forums. A similar dataset of Facebook profiles, mostly from the United States, was made available in an open database on Elasticsearch, containing details including users’ full name, their phone number, and a unique Facebook ID.

A few days later, another database with an additional 42 million records was discovered online. This time it was attacked by another group of hackers who left a message “telling the owners to secure their servers.”

Security experts strongly advise that users double-check the privacy and security settings of their Facebook accounts and have warned against interacting with unknown email or text messages related to social media accounts.

Mashable: Medium: TechRadar: Bleeping Computer: TechRadar
