Cybersecurity firm Cyble found hackers selling over 267 million Facebook records for £500 (US$623) on dark websites and hacker forums. In a blog post, Cyble claimed that the records contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.
“One of the threat actors have dropped an online bomb by dropping the identities of 267 million Facebook Users for 500 Euros,” the post read.
The exposed information includes email addresses, names, first name, last name, last connection, status, age, phone numbers, Facebook IDs, dates of birth, age, and other personal data. However, the company clarified that none of the records include passwords. However, the information is enough for hackers to launch phishing campaigns and other online frauds, experts stated.
Cyble researchers were able to download and verify the records. It is said that the affected users may access this data on Cyble’s data breach monitoring platform. “At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping. Given the data contains sensitive details on the users, it might be used by cybercriminals for phishing and spamming,” the researchers added.
Since there is a rise in potential phishing attacks, Cyble suggested that users strengthen the privacy settings on their Facebook profiles and be vigilant on suspicious emails and text messages.
Same Records on Different Hacking Forum
In December 2019, security researcher Bob Diachenko and security firm Comparitech discovered an open Elasticsearch database that contained over 267 million Facebook records, mostly of U.S. users. The records included information like names, phone numbers, and Facebook IDs.
According to the researcher, the incident occurred due to illegal scraping operation or Facebook API abuse by cybercriminals in Vietnam. The exposed data was also posted on a hacker forum for download. Diachenko stated that 267,140,436 records were exposed in the incident, which could be used by attackers to launch SMS spam and phishing campaigns. Commenting on the reason for data leak, Diachenko said that Facebook’s API could have a security hole that would allow intruders to access personal data even after access was restricted or hackers might have stolen by scraping publicly visible profile pages.