Personally identifiable information (PII) of over 1,5 billion Facebook users is reportedly being sold on a popular underground forum, according to cybersecurity and privacy watchdogs.
The data, which has reportedly been collected through web scraping, includes names, emails, phone numbers, location, gender, and user IDs.
Calling it one of the biggest data dumps from the popular social network, Miklos Zoltan, the founder of PrivacyAffairs who shared the news of the underground sale, claims the PII “appears to be authentic.”
- Shield yourself with these best identity theft protection services
- We've put together a list of the best endpoint protection software
- These are the best malware removal software on the market
It appears the seller is willing to sell the data in a piecemeal fashion, since one prospective buyer claimed the seller is asking for $5000 for the data of a million accounts, making the complete records worth $5 million.
Not related to the outage
Zoltan says that the seller posted several samples of the data, and they not only appeared to be authentic, but didn’t match any of the previous Facebook database leaks as well.
“Cross-checking them with known Facebook database leaks resulted in no matches, implying that at first glance, the sample data provided is unique and not a duplicate or re-sell of a previously known data breach or scraping,” writes Zoltan.
Thanks to the proximity of the news of the data leak to the global Facebook outage, many people have drawn a link between the two events.
Zoltan however has shot down the claims on two fronts. First, PrivacyAffairs published news of the sale 12 before the Facebook outage was reported.
Secondly, the data appears to have been scrapped from publicly available data that the users had shared themselves, which rules out the possibility that the information was obtained by compromising Facebook’s servers.
More pertinent however is Zoltan’s update in which he shares that some of the users on the underground forum claim to have been scammed by the seller who didn’t provide them any data after being paid, casting a shadow over the authenticity and magnitude of the data scrape.
- Protect your devices with these best antivirus software
