The personal data of more than 267 million Facebook accounts are for sale on the Dark Web. This information is available for only 500 euros…
A few days ago, the cybersecurity agency Cyble revealed that more than 500,000 Zoom accounts were on sale on the Dark Web. Now, researchers have just made another disastrous discovery in the far reaches of the dark web: more than 267 million Facebook profiles, on sale for only 500 euros.
On her blog, Cyble (Cyble blog: Providing real-time visibility to cyber threats and enabling organisations to ascertain 3rd party cyber risks.) Lists the personal data linked to each account: email addresses, names, Facebook identifiers, dates of birth and telephone numbers. All of this information can be purchased and downloaded via the Dark Web, and Cyble was able to verify its authenticity.
Fortunately, the passwords linked to these 267 million accounts are not on the run. On the other hand, this data may be enough to set up a phishing scam which can have far more unfortunate consequences.
Facebook Multiplies Data Leaks Over The Years
It is far from the first time that Facebook has suffered a data leak. In 2018, a hacker took control of 50 million accounts.
At the end of 2019, the identifiers of 267 million users (the same number as on the Dark Web today) were on the run. At the time, Facebook believed that this information was probably “obtained before changes were made in recent years to better protect personal information”.
At the moment, researchers cannot determine how the hackers were able to access the data. However, it is likely to be related to a leak from a third-party API or to “web scraping“: a practice of extracting data from a website as a local file.
In any case, if you are using Facebook, it is recommended that you change your password and make sure that you do not use this password on other websites. Also, consider using two-factor authentication to enhance the security of your account. Note that you can check if your account is compromised on the Dark Web via Cyble’s AmIBreached site at this address.