Facebook has often been on the receiving end of outrage when it comes to handling of user data, both due to questionable data-sharing practices and lax security measures that are an open invitation for threat actors. Well, the saga continues, much to the peril of users. It is being reported that profile details of over 267 million Facebook accounts were up for grabs on the Dark Web for a paltry EUR 500 (roughly $542 or Rs. 41,600). The stolen data included account details such as names, unique Facebook user IDs, and phone numbers. While these details don’t include passwords and other such credentials, they can still leave users prone to all sorts of troubles such as phishing and spamming.
Comparitech, in collaboration with security researcher Bob Diachenko, came across the cache of Facebook account data stored on an Elastisearch server. This data trove belonging to 267 million Facebook accounts was reportedly posted on hacker forums as downloadable material. More worryingly, the sensitive data was put up on the dark Web for sale.
Cyber-security intelligence firm Cyble has discovered that the Facebook data of the affected 267 million accounts was sold on the dark Web for a sum of EUR 500 (roughly Rs. 41,600). Cyble researchers actually purchased the data for verification and found that the cache did contain sensitive user information. The company has put details of the affected Facebook accounts on its Amibreached.com repository where users can check if their Facebook account was compromised.
As per Cyble’s investigation, the data being sold by threat actors on the dark Web contained information such as email, phone number, Facebook ID, last connection, status, and age. Thankfully, the data cache did not contain a password or any other authentication-related material. However, there was enough leaked information to launch phishing or SMS spamming attacks and extract more information from users unaware of the breach. Moreover, the aforementioned data can also be used to discern more account details and user profile information.
As of now, researchers have been unable to pinpoint the exact method or vulnerability that led to the data of over 267 million Facebook accounts being compromised. The two possible culprits, however, are exploiting flaws in Facebook API and data scraping. For the uninitiated, scraping refers to copying data from webpages by automated bots, even though it is against terms of services.
But that’s not all. Shortly after, another server containing data of an additional 42 million accounts on a server was discovered. However, the it was reportedly hacked by another party trying to warn the owners that their server is unsecured. All the data on the server was replaced with dummy information. Notably, a majority of Facebook accounts whose data was put up for sale belonged to users based in the United States. So far, we are yet to come across any reports of users being scammed after taking advantage of the leaked data.