Over 1.5 billion Facebook users' personal data found for sale on hacker forum

Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it's publicly available knowledge. That doesn't stop it from being dangerous.

It's been a bad few days for Facebook. An outage affected all of its sites (and Oculus products), testimony from a whistleblower this week could put the company back in the legal hotseat, and now it's come out that private and personal information from more than 1.5 billion Facebook users was found for sale on a hacker forum.

Reported by privacy research company Privacy Affairs, the data found for sale doesn't indicate that the seller actually broke into Facebook's systems, nor that the data is tied to any other data breach. Instead, Privacy Affairs said that the data was allegedly obtained by scraping publicly available data shared by Facebook users.

The fact that the data stolen and for sale is publicly available shouldn't ease anyone's fears: That data can still be used to compromise users' security and privacy. In particular, the stolen data contains names, email addresses, locations, gender, phone numbers and Facebook User ID information. Each bit of that data could clue an attacker in to password challenge answers, allow them to intercept one-time login codes, phish, send scam text messages and more.

There have been some questions as to the legitimacy of both the seller and the data, with one prospective purchaser saying they paid the individual but never received any data. The seller denied the accusations, but as of October 6 the post has been taken down, with a Facebook spokesperson saying the company sent a takedown request.

While the potential for this particular set of data to be exploited may have lessened thanks to its removal from this particular forum, it's unknown if it could end up posted elsewhere or how many buyers may have already purchased some of it. There are a total of about 3 billion people on Facebook, which means that data pertaining to up to half of them could be in the hands of bad actors.

Privacy Affairs said the data they examined from samples provided on the forums appears to be legitimate. The seller claims their group has been in operation for at least the past 4 years and has served more than 18,000 clients in that time. Cross-checking the data against known Facebook leaks didn't bring up any matches, which Privacy Affairs said could indicate that this is all new, but legitimate, data.

The data exposed in this leak, if authentic, "may represent one of the biggest and most important Facebook data dumps to date," Privacy Affairs founder and CEO Miklos Zoltan said.

Scraping: A dangerously simple way to compromise privacy

Every bit of publicly available data can be "scraped" by a bot and stored in a database, spreadsheet or other kind of file. That's not the only tool attackers use, though: They also use Facebook quizzes like "Which character from X show are you?" in order to harvest data.

"Every time someone enters one of these surveys or quizzes, they permit the creators of these games to view their personal Facebook information such as full name, email, phone number, location, sex and more," said Zoltan.

Because scraping only requires data to be available, Facebook users should ensure they never set their profiles to public. It's also a good idea to go through a Facebook privacy checkup to be sure there are no errant bits of data sneaking out from places you thought were secure.

In addition, never take Facebook quizzes or grant Facebook apps permission to access your personal information. Only use surveys, games and quizzes from known trustworthy sources.

If your data was already scraped it may be too late, but you can lock your account down now to prevent future information from being stolen.
