Cybercriminals sell over 267 million Facebook profiles on the dark web and on hacking forums for just £ 500 ($ 623). None of this archives does not include passwords. However, it does contain information that could allow attackers to carry out spear phishing attacks and send fake SMS for to steal credentials.
These files often contained it his full name user, his phone number and a unique Facebook ID.
The ISP hosting the database took the server offline, as soon as it learned from Diachenko about their report data.
Shortly afterwards, a second server containing the same data and another 42 million files was uploaded to Internet and accepted attack by strangers hackers who left a message telling owners to insure their servers.
From this new data, 16,8 million files contained more information, such as Facebook email address, date of birth and gender.
We don't know who these servers belonged to, but Diachenko believes they belong to a criminal organization that stole them. data using the Facebook API before it is locked.
The data is sold for just £ 500
This weekend, the security company Cyble discovered one hacker who sold this database for £ 500 on the dark web and in hacking forums.
In a conversation with Beenu Arora, CEO of Cyble, BleepingComputer learned that researchers have bought the database to verify the data and have added them to the infringement alert service http://AmIbreached.com.
"At this stage, we do not know how the data leaked at first. This may be due to third party API leaks or theft of public profiles, "said the CEO. “Since the files contain sensitive details about them users, may be used by cybercriminals for phishing and spamming ”.
How can this data affect you?
The database sold on the dark web does not contain passwords for Facebook accounts, but contains addresses e-mail and phone numbers some users.
This could allow hackers to perform spear-phishing campaigns aimed at theft of your passwords, sending emails or SMS that are supposed to come from Facebook.
If phishing emails contain information such as date of birth and / or phone numbers, some users may be more willing to give extra information.
Cyble advises users to be very careful with Facebook's privacy settings and watch out for spam emails and messages.