Recommended reading

Hacker claims to have grabbed 1.2 billion Facebook user records - here's what we know

News
By published

The authenticity was confirmed, but when was the data taken?

Facebook social media app logo on log-in, sign-up registration page
(Image credit: Chinnapong / Shutterstock)
  • Researchers found a huge database on the dark web
  • The threat actors claim to have scraped it abusing a Facebook API
  • Facebook says the database is years old

A hacker claims to have scraped 1.2 billion user records from Facebook, including people’s names, locations, and phone numbers. This is according to cybersecurity researchers Cybernews, who recently spotted a new thread on a dark web forum, promoting the gigantic database.

In the thread, the threat actor claims to have generated an entirely new database (rather than compiling information that was already available in the murky waters of the dark web), and that it contains user IDs, names, email addresses, usernames, phone numbers, locations, birthday data, and gender information.

Cybernews’ researchers analyzed parts of the data and confirmed that it is legitimate (at least the parts they looked at). This means that whoever grabs this database, can use the information found inside to launch highly convincing phishing attacks, engage in identity theft, and possibly even wire fraud.

Abusing extensions

But there are other things to consider. Cybernews, for one, says that the claim of 1.2 billion user records should be taken with a massive grain of salt, for a number of reasons.

First, the threat actor only posted once before, so their reputation is questionable. Secondly, there’s been a similar, but smaller leak, in recent history, prompting the researchers to suggest that maybe this is the same archive, only re-packaged with a little extra information thrown in.

The data was allegedly picked up by abusing a Facebook API. Meta, the social media giant’s parent company, did not deny it, but did suggest that the attackers are simple fraudsters trying to share an old database as something entirely new.

“This is not a new claim. We disclosed this years ago and have taken steps to prevent similar incidents from happening since,” a Meta spokesperson told Cybernews, and shared a link to a company’s blog on how it combats scraping.

The researchers believe this could be one of the biggest data scrapes to have come from Facebook, and a testament to the company’s poor sense of customer security and privacy:

“Repeated incidents show a pattern of reactive rather than proactive security measures, particularly when it comes to protecting data that’s publicly visible but still sensitive. The lack of stronger safeguards and transparency undermines trust and leaves millions potentially exposed to phishing, scam, possibly identity theft, and long-term privacy issues,” the team said.

Via Cybernews

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.