Researchers: Information Could Be Used for Phishing, Other Schemes
About 267 million Facebook user IDs and other user information are being offered for sale on a dark net site for about $540, according to cybersecurity intelligence firm Cyble. The data does not include passwords, but the firm says it could be used for phishing and other schemes.
To verify what data was being offered for sale, the security firm bought access to the database from a “credible threat actor” through a dark net forum, says Cyble CEO Beenu Arora.
While the database does not contain passwords, Cyble researchers verified it includes users’ names, Facebook IDs, email addresses as well as their last connection, status and age. Cybercriminals could use this data for phishing and spamming campaigns as well as identity theft and credential stuffing attacks, the researchers warn.
Since then, the data has been added to AmIbreached.com, the company’s data breach monitoring platform, which allows users to check their personal data, such as an email address, against the firm’s database of known stolen and compromised data.
#Exclusive & #Breaking – 267 Million @Facebook Identities Sold for 500 Euros – online identities value is diminishing these days! https://t.co/UfEcsLBiKz #DarkWeb #ThreatIntel @BleepinComputer @Bank_Security @USCERT_gov @IndianCERT @NCSCgov @EU_Commission pic.twitter.com/iWXmu1r78M
— Cyble (@AuCyble) April 20, 2020
“The data is currently on sale by a credible threat actor who has been known to acquire breached databases to sell them on their dark web shop,” Arora tells Information Security Media Group. “Their dark web shop contains breached databases of a large number of companies, such as Zynga, Facebook, Houzz, StockX and many others.”
Arora says Facebook has been aware of this leaked user data since 2019. A spokesperson for Facebook told Information Security Media Group on Tuesday: “We are looking into this issue, including the origin and age of the information contained in the database.”
Source of Data Unknown
It’s unclear how a threat actor obtained the Facebook user data. Cyble analysts, however, suspect it may have been obtained through an illegal data scraping scheme or possibly through an API that the social media company opened up to third-party developers.
The database that Cyble purchased contains the same number of Facebook records as were found in an exposed Elasticsearch database discovered by security researcher Bob Diachenko and privacy advocacy firm Comparitech in December 2019 (see: Database Left 267 Million Facebook IDs Exposed: Report).
In the case that Diachenko describes, cybercriminals not only uploaded the data to an online database, but also posted it to a hacker forum on Dec. 12. Most of the data came from U.S. Facebook users, according to the report.
Reacting to that report in December, a Facebook spokesperson told Information Security Media Group that the company was looking into the leak and that some of the information was obtained before the company made changes to its platform to give users more control over their privacy and personal data. These changes followed the fallout from the Facebook user data that Cambridge Analytica obtained before the 2016 U.S. presidential election (see: Facebook: 87M Accounts May Have Been Sent To Cambridge Analytica).