Once again, highly sensitive personal data of millions of Facebook users is leaked.
It seems like malicious hackers are now working over-time amid this COVID-19 outbreak as only a few days after when Zoom accounts were reportedly seen to be up for sale on the dark web, now it is the same situation for the social media giant Facebook.
The security research team at Cyble – the cyber risk assessment platform – reported that a “threat actor” has now put up a whopping 267 million Facebook users’ identities for sale on the dark web just for $540 only.
Cyble is the same security research firm which brought to light the much talked about event of over 500,000 Zoom accounts going up for sale on the dark web.
In December 2019, it was reported that the personal information of 267 million users was exposed via a misconfigured Elasticsearch server. These records mostly belonged to the United States users and included Facebook profiles with full names, the unique profile ID for each account along with a timestamp.
It is now being believed that it the same database that has now surfaced on the dark web and is being sold for the throwaway price.
This stolen data from Facebook’s social media platform, which is now up for sale, includes critical personal information of users such as profile links, full names, email addresses, phone numbers, age, date of birth, and more.
The only silver lining to this nightmare is the fact that this database doesn’t contain any user passwords. This has been confirmed by Cyble as they had to first go ahead and buy the database in order to analyze the data.
However, it should be noted that this leaked data could be potentially used to harm all the users whose information has been compromised. Hackers can very easily use this information to carry out various phishing and malware attacks.
The database that was exposed last year much like the one which is on sale right now, didn’t contain any user passwords. However, it didn’t have any email addresses either, which this particular database seems to contain.
Facebook currently has over 2.5 billion monthly users. Therefore such a huge security breach puts a lot of people in danger. That being said, this is not Facebook’s first introduction to data breaches and security mishaps.
The company’s most recent brushes with security breaches are the following:
In March 2019, it was reportedly found out that the company stored a humongous 600 million user passwords in plain text which was accessible to more than 20,000 Facebook employees.
In another incident right after March in April 2019, private data of 540 million Facebook users in plain text was exposed to the public due to an unprotected Amazon Web Services (AWS) S3 bucket in plain text.
Mr Beenu Arora who is the Chief Executive Officer and Founder of Cyble, in a statement, has said that as of right now their team hasn’t been able to figure out how the data got leaked in the first place. They are suspecting that it could have been a leakage in third-party API or scrapping.
He also added that all users should take note of this breach and now increase or tighten the privacy settings on their respective Facebook profiles. He also said to be extremely cautious when it comes to accepting friend requests or receiving messages from unknown people.
Nevertheless, now Facebook the social media behemoth, will have to go through another huge wave of bad press in the light of this news surfacing online along with once again losing the faith of its user base. We will keep you posted on all future developments.