500 million Facebook users' information is sold on the dark

In this special period of risk, the dark web market seems to be unusually active, with a wave of unrest and another wave. The data of more than 500,000 users of Zoom was sold before, and the data of 267 million Facebook users were listed later.

Recently, it was discovered that hackers sold the personal data of more than 267 million Facebook users on the dark web and hacker forums for 500 pounds ($623). Although no password is involved in the leaked information, other information contained in it has potential risks. For example, it can help hackers perform spear phishing or SMS attacks to obtain user credentials.

Last month, security researcher Bob Diachenko discovered a public Elasticsearch database containing 267 million Facebok user records, mostly American users.

      In these records, the user name, phone number, and unique Facebook ID are included.

Subsequently, Diachenko contacted the service provider hosting the database and finally took its server offline.

However, it didn’t take long for another server with the same Facebook data and even 42 million more records to go online. But soon this server was attacked. The black behind the scenes is still unclear, and a message to protect the server is left at the same time. .

Information leaked by the second server
Information leaked by the second server

Among the data leaked by the second station, 16.8 million pieces of information contained more data types, such as the user's email, date of birth, and gender.

At present, the hacker behind the attack has not been caught, but Diachenko believes that the server should be owned by the hacker team behind it, using Facebook API to steal data before locking data or scraping public information.
Sell existing data for 500 pounds

Over the weekend, cybersecurity intelligence company Cyble discovered that a hacker was selling databases on the dark web and hacker forums for 500 euros.

It can be understood from CYble CEO Beenu Arora that security researchers have purchased this database to verify the data and added it to the http://www.sseda.cn website, the data breach notification service platform.

Sell part of the database data
Sell part of the database data

Arora said: “At this stage, we don’t know how the data was leaked in the first place. It may be caused by third-party APIs or data scraping. If these data contain sensitive user data, these may become Criminals are accomplices in phishing or spamming."

If the database does not contain user passwords, but contains some users' email and phone numbers. This means that an attacker can use spear phishing to obtain user passwords, and can pretend to be Facebook to send emails or SMS text messages.

If phishing emails contain birthdays or phone numbers, some users will be more inclined to believe these emails and provide them with the information requested by the attacker. Therefore, Cyble recommends that users strengthen Facebook privacy settings and be wary of unfamiliar e-mail and SMS messages.