On a famous hacking-related forum, the private and personal data of over 1.5 billion Facebook users is being sold, possibly allowing cybercriminals and unscrupulous advertisers to target Internet users all over the world.
This is the largest and most significant data leak on Facebook to date.
It appears to be unrelated to a data breach that affected 500 million Facebook users in 2021.
In late September 2021, a user of a well-known hacker site announced that he had obtained the personal information of over 1.5 billion Facebook users.
Read more: Zuckerberg took $7 billion loss within hours of Facebook outage that cut off 3 billion users
The data is currently available for purchase on the relevant forum site, with potential buyers having the option of purchasing all of the data at once or in lesser amounts.
One potential bidder claimed to have received a $5,000 quote for 1 million Facebook user accounts’ data.
According to the forum poster, the data includes the following Facebook user personal information:
- Name
- Location
- Gender
- Phone number
- User ID
The data appears to be real based on the samples posted on the forum.
Cross-checking them against known Facebook database leaks revealed no matches, showing that the sample data provided is unique and not a re-sell of previously reported data breaches or scraping.
The seller claims to be a representative of a group of web scrapers that have been in business for at least four years and claim to have served over 18,000 clients during that period.
Data Obtained by Scraping Facebook
Instead of hacking or compromising individual users’ accounts, the traders claim to have collected the data by scraping. Scraping is an online data extraction or harvesting procedure that involves accessing and organizing publicly available data into lists and databases.
While no accounts have been compromised technically, this is small consolation to people whose information may now be in the hands of unscrupulous online marketers and, more likely, cybercriminals.
Unethical marketers may use this information to send unwanted advertising to specific individuals or groups of people.
The fact that phone numbers, physical addresses, and full names of users are all included in the data is very troubling. Furthermore, despite the fact that most countries made these tactics unlawful many years ago, but still SMS and Push notification spam is growing more common.
Data Can be Used to Jeopardize Users’ Security
Hackers can use the scraped data to execute advanced phishing or social engineering attacks.
Cybercriminals can send fraudulent SMS messages to impacted consumers posing as various businesses such as Facebook or even banks after identifying individual users’ phone numbers.
Users will then be given the option to claim a prize, update their security settings, reset their passwords, or do anything similar by clicking on a link.
They will be redirected to a cloned version of the website the attackers claimed to represent after clicking the link. The fraudsters will then be able to hijack the compromised account if the user inputs their current password.
This is how Facebook accounts and even online banking logins can be sold for as little as $10 on the dark web.
How is Facebook Data Scraped?
Scraping is the technique of using computer programmes to automatically collect publicly available and accessible data online.
The vast majority of this information is gleaned through scraping Facebook accounts that have been set to “Public” by their owners. Unfortunately, the vast majority of personal information on Facebook is openly shared and made available to the general public.
Fake Facebook polls or quizzes are another popular – but illegal – way of data scraping.
Every Facebook user has seen posts like “Find out your Game of Thrones Lookalike with this Survey” or “Take this Quiz to Find out When you Will Get Married,” among other things. Typically, these are techniques to gather personal information from users.
When someone completes one of these surveys or quizzes, they give the creators of these games permission to view their personal Facebook information, including their full name, email, phone number, location, gender, and other details.
Facebook Users are Advised to Enhance their Security
It’s not a good idea for Facebook users to make their accounts completely public.
Similarly, unless offered by a reputable and verified publisher, one should never participate in random quizzes, polls, or games on Facebook. As majority of them are almost generally data mining and scrapping schemes.