Millions of Facebook Profiles For Sale

Uploaded on 2020-04-25 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

Researchers at cyber security firm Cyble  recentlly discovered that over 500,000 Zoom accounts were being sold on the dark web and hacker forums at dirt-cheap prices. 

Now, the same firm has revealed that hackers are selling over 267 million Facebook profiles for £500 ($623) on Dark Web sites and hacker forums.  These personal details include their email, full name, last name, phone, Facebook ID, last connection, status, and age. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

Last month, the noatble independent security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States. For many of these records, they contained a user's full name, their phone number, and a unique Facebook ID. The ISP hosting the database eventually took the server offline after being contacted by Diachenko.

A second server containing the same data plus an addition 42 million records was brought online but were hacked by unknown threat actors who left a message telling the owners to secure their servers.Of this new data, 16.8 million records included more information such as a Facebook user's email address, birth date, and gender.

It was not discovered who these servers belonged to, but Diachenko believed that it was owned by a criminal organisation who stole the data using the Facebook API before it was locked down or via scraping public profiles. Shortly after,  the expert reserachers at Cyble discovered a threat actor selling this database for £500 on the dark web and through hacking forums.
The database being sold does not contain Facebook account passwords, but it does contain email addresses and phone numbers for some users.

This could allow attackers to create spear-phishing campaigns that aim to steal your password using email campaigns or SMS texts that pretend to be from Facebook.

If the phishing emails contain information such as dates of birth and/or phone numbers, some users may be more prone to believe them and thus provide the attackers with the requested info. 

Cyble recommends users tighten their privacy settings on Facebook accounts and be cautious of unsolicited emails and text messages.

This is not the first time that Facebook user data has has been breached and been found hacker forums.  A similar dataset of Facebook profiles, mostly from the United States, was made available in an open database on Elasticsearch, containing details including users’ full name, their phone number, and a unique Facebook ID.

 A few days later on another database with an additional 42 million records was discovered online. This time it was attacked by another group of hackers who left a message “telling the owners to secure their servers.”

Security experts stronglu advise users should double-check the privacy and security settings of their Facebook accounts and have warned against interacting with unknown email or text messages related to social media accounts.

Mashable:       Medium:        TechRadar:         Bleeping Computer:        Techhradar

You Might Also Read:   

Facebook Could Face A GDPR Fine Of $1.63bn:

The Invisible Areas Of The World Wide Web:

 

« Remote Working Is The New Normal
Cyber Security Needs Workers Who Are 'Neuro Diverse' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Propelo

Propelo

Propelo (formerly LevelOps) is an engineering excellence platform that helps increase developer productivity and improve security with data-led insights and workflow automation.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.