Facebook has faced untold outrage and criticism over its handling of user data, stemming both from its alleged unlawful sharing of people's data and from weak security mechanisms that let data-hunting threat actors in.
As it stands, the trouble is not over, as users continue to fall victim to data breaches that expose them to untold cyber uncertainty.
In the latest news, it has been reported that threat actors are trading more than 267 million Facebook profiles for a paltry $623 via dark web platforms and hacker sites.
Comparitech, a cybersecurity research firm, in collaboration with cyber consultant Bob Diachenko, discovered the database of Facebook account data stored on an Elasticsearch server.
Data Sold on the Dark Web
The bulk of the data belonging to 267 million accounts is reported to have been made available for download on hacker platforms. Worryingly, this sensitive data was also posted on the hidden web and advertised for sale.
This is according to cybersecurity firm Cyble, which found that the Facebook data belonging to 267 million users had been put up for sale on the dark web for a sum of $623.
To make the discovery, Cyble experts reportedly bought the data for verification and found that the cache held sensitive user information. The firm then uploaded the details of the affected Facebook accounts to the Cyble data breach monitoring platform Ambibreached.com, where Facebook users can check whether their accounts were part of the cluster of 267 million compromised accounts.
Reportedly, many of the records contained users' full names, cellphone numbers and Facebook IDs.
Further, another server with the same data and an additional 42 million records was put online but was swiftly acted upon by cyber actors, who sent a message asking the owners to enforce security on their servers. Of this second data cluster, it is reported that 16.8 million records included Facebook users' email addresses, birth dates and genders.
At this point the owners of these servers have not been identified, and researchers have not managed to pinpoint the vulnerability or technique the threat actors used to compromise the 267 million Facebook accounts.
Diachenko, however, believes that the servers belong to a criminal enterprise that obtained the data either through the Facebook API before its lockdown or by scraping public profiles. For general knowledge, scraping is the technique of copying data from webpages using automated bots, a practice that violates the terms of service.
It has been confirmed that the ISP hosting the database acted on Diachenko’s communication by taking the offending server offline.
According to Cyble’s investigation, the data that was posted on the dark web contained user info including email addresses, cellphone numbers, Facebook IDs, last connection, status and user age.
Thankfully, the database does not contain Facebook account passwords, but because it holds the email addresses and phone numbers of some user accounts, future attacks on these accounts are quite imminent.
In principle, the category of data obtained by the threat actors may enable cybercriminals to launch spear-phishing campaigns that target password theft through email and SMS texts that purport to be authentic information from Facebook.
Because the phishing emails can contain sensitive user data such as birth dates and phone numbers, the possibility of users being duped into believing that the communication is authentic is very high, and targeted people will be prone to trust the disguised attackers.
At this point, it is recommended that users tighten their Facebook privacy settings and stay vigilant.