Hackers Sell 267-Million Facebook Profiles For Just $540
More than a quarter of a billion Facebook profiles have been sold on the darkweb for a measly $540, as recently revealed by a cybersecurity firm.
The news comes from cybersecurity firm Cyble, the same firm responsible for breaking the news of more than half a million Zoom profiles being sold on the darkweb for just 50 cents a pop.
The team posted a blog stating that “the threat actors have dropped an online bomb by dropping the identities of 267 million Facebook users for 500 Euros - the details include their email, Fname, Lname, phone, Facebook ID, Last Connection, Status, Age.”
“At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scraping. Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming,” they wrote.
The dataset was originally discovered by Comparitech and Bob Diachenko last December when hundreds of millions of profiles were found on an Elasticsearch-hosted server.
The researchers were able to both verify and study the data trove after purchasing their own copy, and have since uploaded all the user profiles into their own database, where users can check whether or not their profiles were breached. On that site, the team at Cyble have compiled and indexed more than 32 billion records from 28,000 data breaches.
No passwords were made available in the package, but the purchaser of the data trove now has a staggeringly large number of profiles, along with intimate details that they can now launch a tailor-made phishing campaign with. Once a potential victim clicks a link in a phishing email, they’re vulnerable to further data theft and perhaps worse, depending on the sophistication of the hacker’s malware.
Cyble recommends that Facebook users “tighten their privacy settings on their Facebook profiles, and be cautious of unsolicited emails and text messages. We are currently indexing the data at our dark web monitoring platform, and retail users can access it via AmIbreached.com.”
Facebook has released a statement outlining that the company was “looking into this,” adding that they “believe it is likely information obtained before changes were made in the past few years to better protect people’s information.”
Technology writer with Forbes, Zak Doffman, writes that “even though no passwords were breached here, users are well advised to change their passwords and to ensure that they have not reused a password on Facebook that they use elsewhere.”
“With email addresses in hand, attackers can match those addresses against breaches which do include passwords and then try various sites. Password reuse is the single biggest enabler of account hijacks.”
Anurah Kahol, CTO at cloud security company Bitglass told HackReed that “social media platforms are lucrative turrets for cybercriminals due to the massive amounts of personally identifiable information (PII) that they collect and store on users. In fact, the data exposed in this incident was found on a dark web forum, leaving the affected consumers highly vulnerable to targeted phishing and credential stuffing attacks, account hijacking and more.
He continued to explain that “the lasting impact is unknown, and a staggering 59% of consumers admit to reusing the same password across multiple sites, even knowing the risks associated. This could give cybercriminals access to various accounts for the same individual across multiple services, rendering their digital footprint incredibly vulnerable as a result.”
“All consumers, not just users impacted by this incident, need to make a habit of diversifying their login credentials across different accounts in order to mitigate the chances of their account being hijacked.”