On the dark web, data on over 1.5 billion Facebook users, including their real names, phone numbers, and email addresses, is being sold. According to Privacy Affairs, which examined the data dump and concluded that it appears authentic.
Following a recent leak, personal information from approximately 1.5 billion global Facebook users was allegedly put up for sale.
Member of hacker forum selling 1.5 billion Facebook users data
According to a report from Privacy Affairs, a member of a well-known hacker forum claimed to be in possession of the information in late September and offered to sell it in chunks to others on the forum. One user claimed to have received a $5,000 quote for the information of one million users.
None of the data in question was private; rather, it was scraped using automated tools from Facebook’s public search results. However, the information could be valuable to bad actors, who could use it in phishing attacks or social engineering manoeuvres in which an actor poses as an official from a company such as Facebook and attempts to trick a victim into providing more personal information.
Photo above shows: The data includes names, email addresses, locations, genders, phone numbers, and user IDs, according to a forum member. The leaked data is not thought to have been publicly shared previously in a Facebook data breach.
Facebook data sold on dark web not likely related to recent outage
The announcement comes after a global outage of all Facebook platforms, and it is most likely unrelated to the outage event.
The dump demonstrates that Facebook is permeable, and anything you share with the company could become public if you haven’t carefully reviewed your privacy settings. Facebook’s privacy settings are notoriously difficult to understand, but privacy begins at home, and you must take care to verify which audiences are permitted to see information such as your phone number when you save it to your Facebook account. Or, you know, don’t share that information with Facebook in the first place, no matter how often it nags you to fill out your profile.
The dump comes at a particularly bad time for Facebook, which is dealing with backlash following a leaked report alleging that the company was aware that Instagram causes mental health problems in teen girls, prompting congressional hearings.
New York Times report says breach could be fake
Here are excerpts from the New York Times report:
“The problem is that the breach that Ms. Blackburn referenced is largely unverified, and possibly fake. The claim comes from an anonymous account on a forum that, according to Vice, obtained access to the database from a supposed company called “X2Emails.” The anonymous post, from Sept. 22, promised “scraped” data on “more than 1.5b Database of Facebook” consisting of users’ email addresses, locations, phone numbers, and other identifying information.”
“Some news outlets reported on the breach as fact, but there is no proof yet of a hack. Aric Toler, a researcher with Bellingcat, an investigative journalism group, pointed out that someone claimed to have paid for the supposedly hacked information and found out that it was a scam.”
Newsweek also reported that several forum users reported that they had received nothing after sending money to the original poster. This could indicate that the alleged leak was a hoax, or that the alleged data holder was running late.