Hackers Exposed the Identities of 267 Million Facebook Users in the Latest Data Leak

267 million Facebook Account Sold on the Dark Web

You can only imagine how difficult running a huge online empire like Facebook is, and it must be said that lately, Mark Zuckerberg and his team have been having an especially hard time. They're currently trying to use the wide reach they have in order to help the world defeat the COVID-19 pandemic and restore some of the lost trust in the social network. They're taking advantage of the fact that their mobile apps are installed on millions of devices to collect data that can help authorities figure out the patterns associated with breaking the quarantine. Facebook has also lent its platform to scientists who are trying to learn more about the spread of the virus.

Unfortunately, while Facebook is trying to use the coronavirus pandemic to rebuild its reputation, the security issues from months and years gone by are far from forgotten. In fact, every now and again, they come back to haunt Zuckerberg and his colleagues.

Researchers find 267 million Facebook records for sale on the dark web

Researchers from Cyble, the same people who recently uncovered a data dump of over half a million Zoom accounts on the underground marketplaces, said earlier this week that they've seen a large database containing Facebook user information. It, too, is offered for sale on the dark web, and it contains a whopping 267 million Facebook identities.

Each record consists of the user's names, phone number, email address, last connection, Facebook ID, and the status of their account. Cyble's researchers noted that nobody can say for sure when and how the data got leaked. They're not sure if the 267 million accounts currently sold are the same ones that made the news in late 2019 when a similar advert was spotted on the underground forums. What Cyble's experts can confirm, however, is that the data is valid.

They purchased the database from the cybercriminal, and after going through it carefully, they concluded that there are real people behind all the records. If you want to check whether you've been affected by this particular leak, you can do so via Cyble's AmIBreached.com data breach notification service, and if you are, your only consolation is that your password was not included in the database.

Facebook users' data costs next to nothing on the underground marketplaces

The experts' decision to buy the database from the underground seller is a controversial one. On the one hand, their data breach notification service relies on information that has been leaked online, and that data doesn't always come for free. On the other, although they have no intention of abusing people's information, by paying actual money to get it, the researchers are encouraging the crooks to continue doing what they're doing and are fueling the thriving underground markets. On the bright side, their contribution in this particular case wasn't that huge.

The seller asks just €500 for the entire database, which amounts to a shade over $540. Do the maths, and you'll see that each of the affected accounts is swapping hands for just $0.000002. Unfortunately, like it or not, this is how little your personal information is worth these days.

The laughably low price tag can be attributed to some extent to the fact that no passwords are included in the dump. This doesn't mean, however, that the data can't be abused. For $540, potential cybercriminals can get enough information to organize a highly targeted phishing campaign, and because the database is so cheap, they can invest more in making the scam as convincing as possible. Regardless of whether or not you've been hit by the leak, you need to be as vigilant as always.

April 22, 2020

Leave a Reply