Millions of Facebook Profiles For Sale

Uploaded on 2020-04-25 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

Researchers at cyber security firm Cyble  recentlly discovered that over 500,000 Zoom accounts were being sold on the dark web and hacker forums at dirt-cheap prices. 

Now, the same firm has revealed that hackers are selling over 267 million Facebook profiles for £500 ($623) on Dark Web sites and hacker forums.  These personal details include their email, full name, last name, phone, Facebook ID, last connection, status, and age. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

Last month, the noatble independent security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States. For many of these records, they contained a user's full name, their phone number, and a unique Facebook ID. The ISP hosting the database eventually took the server offline after being contacted by Diachenko.

A second server containing the same data plus an addition 42 million records was brought online but were hacked by unknown threat actors who left a message telling the owners to secure their servers.Of this new data, 16.8 million records included more information such as a Facebook user's email address, birth date, and gender.

It was not discovered who these servers belonged to, but Diachenko believed that it was owned by a criminal organisation who stole the data using the Facebook API before it was locked down or via scraping public profiles. Shortly after,  the expert reserachers at Cyble discovered a threat actor selling this database for £500 on the dark web and through hacking forums.
The database being sold does not contain Facebook account passwords, but it does contain email addresses and phone numbers for some users.

This could allow attackers to create spear-phishing campaigns that aim to steal your password using email campaigns or SMS texts that pretend to be from Facebook.

If the phishing emails contain information such as dates of birth and/or phone numbers, some users may be more prone to believe them and thus provide the attackers with the requested info. 

Cyble recommends users tighten their privacy settings on Facebook accounts and be cautious of unsolicited emails and text messages.

This is not the first time that Facebook user data has has been breached and been found hacker forums.  A similar dataset of Facebook profiles, mostly from the United States, was made available in an open database on Elasticsearch, containing details including users’ full name, their phone number, and a unique Facebook ID.

 A few days later on another database with an additional 42 million records was discovered online. This time it was attacked by another group of hackers who left a message “telling the owners to secure their servers.”

Security experts stronglu advise users should double-check the privacy and security settings of their Facebook accounts and have warned against interacting with unknown email or text messages related to social media accounts.

Mashable:       Medium:        TechRadar:         Bleeping Computer:        Techhradar

You Might Also Read:   

Facebook Could Face A GDPR Fine Of $1.63bn:

The Invisible Areas Of The World Wide Web:

 

« Remote Working Is The New Normal
Cyber Security Needs Workers Who Are 'Neuro Diverse' »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Hypersecu Information Systems

Hypersecu Information Systems

Hypersecu Information Systems, Inc. is a solution provider dedicated to multi-factor authentication, public key infrastructure and software copyright protection.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

Foresiet

Foresiet

Foresiet is the first platform to cover all of your digital risks, allowing enterprise to focus on the core business.

Ark Technology Consultants

Ark Technology Consultants

Ark Technology Consultants is a unique IT Services Firm which blends technology solutions with consultative insight around governance and process management.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

aiComply

aiComply

aiComply's AI-driven platform offers automated intelligence for an efficient cybersecurity compliance workflow, eliminating onerous manual and time-consuming paperwork.

Pacific Northwest National Laboratory (PNNL)

Pacific Northwest National Laboratory (PNNL)

PNNL draws on its distinguishing strengths in chemistry, Earth sciences, biology, and data science to advance scientific knowledge and address challenges in energy resiliency and national security.