Facebook has apparently once again been hit by a major data breach after the personal details of over 267 million profiles were found for sale online.
The hoard, which included private details such as names, email addresses, Facebook IDs, dates of birth and phone numbers, was being sold on the dark web for just £500 ($623).
Although the stolen data does not contain passwords, the information available in the database could be used by the threat actors to run email or SMS based phishing campaigns to steal passwords.
- Facebook data breach sees millions of user personal details leaked online
- PhotoSquared data leak puts thousands of users at risk
- Slickwraps hit by customer data breach
The stolen data was discovered by researchers at risk assessment platform Cyble, which bought the cache in order to verify its authenticity and to understand how it was stolen.
While Cyble has not been able to ascertain the source of this database yet, it said “At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping. Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming."
Sadly this is not the first time that Facebook user data has made its way on to hacker forums or deep web sites. Just last month, a similar dataset of Facebook profiles, mostly from the United States, was made available in an open database on Elasticsearch, containing details including users’ full name, their phone number, and a unique Facebook ID.
A few days later on another database with an additional 42 million records was discovered online. This time it was attacked by another group of hackers who left a message “telling the owners to secure their servers.”
Security experts suggest that users should recheck the privacy and security settings of their Facebook accounts, and have warned against interacting with unknown email or text messages related to social media accounts.
TechRadar Pro has reached out to Facebook for comment.
- The best VPN service 2020
Via: Bleeping Computer (opens in new tab)