Facebook Dark Web Deal: Hackers Just Sold 267 Million User Profiles For $540
Just a few days after exposing the sale of some 500,000 Zoom accounts for sale on the dark web, the research team at Cyble are back with another worrying tale of the vast array of information traded on furtive data markets. A “threat actor,” the team reported in a blog, “has dropped an online bomb by dropping the identities of 267 Million Facebook users.” And the price for this data trove—just $540.
Thankfully no passwords were available, but the data included email addresses, names, Facebook IDs, dates of birth and phone numbers. All of which is a perfect set of data with which to craft a text or email phishing campaign on behalf of Facebook. And if a small percentage of users click the link and enter their details into a spoofed Facebook login page, much more valuable data can be stolen.
The researchers bought and verified the information. The number 267 million will ring bells when it comes to Facebook data breaches. Late last year, that same number of mostly U.S. records was found online for sale. “We are looking into this,” Facebook said at the time, “but believe it is likely information obtained before changes we made in the past few years to better protect people’s information.”
Facebook is desperate to repair the reputational damage that started with the Cambridge Analytica scandal and lurched through various data protection, privacy and ad tracker scandals. This data is likely from a past breach and does not suggest current weaknesses with Facebook’s systems—the company was approached for any comments on this latest story or further detail on the user data involved.
Even though no passwords were breached here, users are well advised to change their passwords and to ensure that they have not reused a password on Facebook that they use elsewhere. With email addresses in hand, attackers can match those addresses against breaches which do include passwords and then try various sites. Password reuse is the single biggest enabler of account hijacks.
Facebook users—as with other sites—are also well advised to enable two-factor authentication. This ensures that any username and password breach will not enable an attacker to access your account, the use of such protection will prevent more than 99% of successful attacks on your accounts. The option is available under Settings—Security and Login.
Meanwhile, users can check whether their email addresses have been found in dark web data breaches on Cyble’s site here.
Facebook Dark Web Deal: Hackers Just Sold 267 Million User Profiles For $540
Reviewed by Your Destination
on
April 21, 2020
Rating:
No comments