Security researchers at Cisco Talos discovered 74 Facebook cybercrime groups with 385,000 members that offer hacking tools and email phishing kits on Facebook. According to the researchers, the groups were selling/buying stolen bank/credit card information, and phishing services. However, Facebook confirmed that it took down all of the groups after Talos reported the issue. The researches stated that criminal Facebook groups can be found by anyone with a Facebook account by searching with keywords like spam, carding or CVV.
“These Facebook groups are quite easy to locate for anyone possessing a Facebook account. A simple search for groups containing keywords such as “spam,” “carding,” or “CVV” will typically return multiple results. Of course, once one or more of these groups has been joined, Facebook’s own algorithms will often suggest similar groups, making new criminal hangouts even easier to find. Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse,” the researchers said in a blog spot.
Cisco Talos stated they’ve been tracking several illegal groups on Facebook for the past several months. It stated that most of the groups use names like Spam Professional, Spammer & Hacker Professional, Buy Cvv On THIS SHOP PAYMENT BY BTC, and Facebook hack, etc.
The news came after security experts from the cybersecurity firm UpGuard recently discovered that Facebook user account information was exposed on Amazon cloud servers. The security team at UpGuard stated that they found two data breach incidents in different regions. The first incident was originated from the Mexico-based media company Cultura Colectiva which exposed around 146 GB of data that contained over 540 million records detailing comments, likes, reactions, account names, FB IDs, and other sensitive information.
The second was a separate database from a Facebook-integrated app named ‘At the Pool’ which exposed data via an Amazon S3 bucket. This database contained the backup information like fb_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, and passwords, according to UpGuard.