Billions of Leaked Phone Numbers Combined with Old Facebook Leak
A staggering 3.8 billion records containing user telephone numbers leaked from social media platform Clubhouse. The data, originally not considered particularly valuable by the hacker who got their hands on the data set, was put up online for free, published on a dark web forum. Indeed, isolated data of this kind is not very valuable but only when it exists in a vacuum. This situation, however, changed quickly.
After the initial data dump on the hacking forum, another industrious hacker got to work and started pairing the telephone numbers from the Clubhouse data leak with data from another massive leak that took place earlier in 2021.
Back in April, Facebook leaked account data from just over half a billion user accounts. The bad actor started matching this older data with the new Clubhouse leak and suddenly, the combined data set started looking a lot more appealing.
Even if isolated data is not worth too much on its own, when combined with more pertinent information, it forms new data sets that can be considered personally identifiable information and those can be exploited in a number of ways by threat actors.
Security experts warn that the newly combined data is exploitable in a number of different ways and is a much more dangerous tool in the hands of threat actors when compared to isolated data leaks.
When enough data is pooled together, it can be used for both account takeover attacks, as well as smishing - the SMS version of phishing emails. Accounts that are successfully taken over can be cleared of any financially valuable items, such as coupons and gift cards.
Apart from petty thieving, bad actors could also exploit compromised accounts and use this access to even gain a potential foothold in the company where that individual works.
Even though the phone-only data dump was published on the hacking forum for free, the newly combined data, paired with the Facebook leak records, is now up for grabs for a hefty $100,000. The hacker who took the time to match phones and Facebook records is also selling smaller parcels of the 3.8 billion records at more approachable prices.