Home News Facebook Users Tricked in a Massive Phishing and Credit Card Scam

Facebook Users Tricked in a Massive Phishing and Credit Card Scam

one million card data exposed

Cybersecurity researchers from vpnMentor uncovered a global hacking operation targeting Facebook users after discovering an unsecured Elasticsearch database obtained by the threat actors. The hackers used the database to store usernames and passwords of around 100,000 Facebook account holders. The researchers stated that fraudsters behind this scam tricked users into entering their login credentials via an application pretending to reveal their Facebook profiles visitors.

The Next Phase of Scam

Once the fraudsters had the login credentials, they accessed the accounts to comment on Facebook posts published in the victims’ network. The comments include a separate network of scam websites that redirect users to fake Bitcoin scheme sites.

Threat Summary


Hackers’ Target


Facebook Users

Type of Scam

Phishing attacks and Credit card scam

Size of data

5.5 GB+

No. of people exposed in Bitcoin scam


No. of people exposed in Facebook scam


Types of data exposed

Facebook usernames and passwords, IP Addresses


The scam came to light after vpnMentor’s researchers found the leaky database used by hackers to harvest and store their victims’ details. While there is no evidence about whether the unsecured database was accessed or misused by any other malicious actors, the researchers stated they reported the issue to Facebook authorities.

“The fraudsters used the stolen login credentials to share spam comments on Facebook posts via the victims hacked account, directing people to their network of scam websites. These websites all eventually led to a fake Bitcoin trading platform used to scam people out of ‘deposits’ of at least €250 ($295). It was a vast operation, spanning the entire globe,” vpnMentor said.

“The most obvious action is the fraudsters taking over a person’s Facebook account, posting a link to one of their websites on the victim’s timeline, and tricking their friends into falling prey to the scam, growing its potential impact exponentially,” vpnMentor added.