Cybersecurity researchers from vpnMentor uncovered a global hacking operation targeting Facebook users after discovering an unsecured Elasticsearch database obtained by the threat actors. The hackers used the database to store usernames and passwords of around 100,000 Facebook account holders. The researchers stated that the fraudsters behind this scam tricked users into entering their login credentials via an application that pretended to reveal who had visited their Facebook profiles.
The Next Phase of Scam
Once the fraudsters had the login credentials, they accessed the accounts to comment on Facebook posts published in the victims’ network. The comments included links to a separate network of scam websites that redirected users to fake Bitcoin scheme sites.
Threat Summary
Hackers’ Target | Facebook Users |
Type of Scam | Phishing attacks and Credit card scam |
Size of data | 5.5 GB+ |
No. of people exposed in Bitcoin scam | 100,000 |
No. of people exposed in Facebook scam | 100,000 |
Types of data exposed | Facebook usernames and passwords, IP Addresses |
The scam came to light after vpnMentor’s researchers found the leaky database used by the hackers to harvest and store their victims’ details. While there is no evidence that the unsecured database was accessed or misused by any other malicious actors, the researchers stated they reported the issue to Facebook authorities.
“The fraudsters used the stolen login credentials to share spam comments on Facebook posts via the victim’s hacked account, directing people to their network of scam websites. These websites all eventually led to a fake Bitcoin trading platform used to scam people out of ‘deposits’ of at least €250 ($295). It was a vast operation, spanning the entire globe,” vpnMentor said.
“The most obvious action is the fraudsters taking over a person’s Facebook account, posting a link to one of their websites on the victim’s timeline, and tricking their friends into falling prey to the scam, growing its potential impact exponentially,” vpnMentor added.