Over a billion Facebook users have data sold on the dark web

Data leak
(Image credit: Shutterstock/dalebor)

Personally identifiable information (PII) of over 1,5 billion Facebook users is reportedly being sold on a popular underground forum, according to cybersecurity and privacy watchdogs.

The data, which has reportedly been collected through web scraping, includes names, emails, phone numbers, location, gender, and user IDs. 

Calling it one of the biggest data dumps from the popular social network, Miklos Zoltan, the founder of PrivacyAffairs who shared the news of the underground sale, claims the PII “appears to be authentic.”

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

It appears the seller is willing to sell the data in a piecemeal fashion, since one prospective buyer claimed the seller is asking for $5000 for the data of a million accounts, making the complete records worth $5 million.

Zoltan says that the seller posted several samples of the data, and they not only appeared to be authentic, but didn’t match any of the previous Facebook database leaks as well.

“Cross-checking them with known Facebook database leaks resulted in no matches, implying that at first glance, the sample data provided is unique and not a duplicate or re-sell of a previously known data breach or scraping,” writes Zoltan.

Thanks to the proximity of the news of the data leak to the global Facebook outage, many people have drawn a link between the two events. 

Zoltan however has shot down the claims on two fronts. First, PrivacyAffairs published news of the sale 12 before the Facebook outage was reported. 

Secondly, the data appears to have been scrapped from publicly available data that the users had shared themselves, which rules out the possibility that the information was obtained by compromising Facebook’s servers.

More pertinent however is Zoltan’s update in which he shares that some of the users on the underground forum claim to have been scammed by the seller who didn’t provide them any data after being paid, casting a shadow over the authenticity and magnitude of the data scrape.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.