Hackers are selling over 267 million Facebook profiles on dark web sites and other hacker forums for merely $541, according to report from Cyble.
The data includes everything from email addresses, names, phone numbers, Facebook IDs, dates of birth, age, and more. Thankfully, it didn’t include passwords. Still, the information is enough for setting up phishing campaigns and other online frauds.
#Exclusive & #Breaking – 267 Million @Facebook Identities Sold for 500 Euros – online identities value is diminishing these days!https://t.co/UfEcsLBiKz#DarkWeb #ThreatIntel @BleepinComputer @Bank_Security @USCERT_gov @IndianCERT @NCSCgov @EU_Commission pic.twitter.com/iWXmu1r78M
— Cyble (@AuCyble) April 20, 2020
Cyble told Bleeping Computer that its researchers are verifying the data and adding it to their breach notification service. They are yet to identify how the data was leaked; however, Cyble believes that “it might be due to a leakage in third-party API or scrapping.”
Interestingly, security researcher Bob Diachenko, along with Comparitech, discovered a similar Facebook data breach back in December. The database included the same number of Facebook accounts; however, the records contained only names, phone numbers, and Facebook IDs.
The database was eventually taken down when Bob contacted the ISP that was hosting it. But shortly after, another server surfaced online with an additional 42 million Facebook accounts. This time, it was beaten down by a hacker who left a message asking users to secure their servers.
It is difficult to tell if the records in the latest Facebook data breach are the same or different from the previous one discovered by Bob. Whatever the case may be, the important thing to note is that the details of many Facebook profiles might still be in possession of malicious actors.
If you’re having concerns whether your profile was a part of the Facebook data breach, then you should reset your password for the peace of mind.
Facebook is not the only one involved in a data breach this month. The popular video conferencing tool Zoom also saw something similar; close to 500,000 Zoom accounts were sold on the Dark Web.