Facebook may have been hit by another major data breach after the personal details of over 267 million profiles were found for sale online according to Hackread. The massive amount of data stolen included private details such as names, email addresses, Facebook IDs, dates of birth and phone numbers. This highly sensitive data and information was found by Hackread.com being sold on the dark web through a hacker forum. The information was put up for sale at $600 and analyzed by risk assessment platform Cyble, who authenticated whether the data was accurate or not.
According to a previous Hackread article, “70% of the US citizens are active on Facebook which means that out of the country’s total population of 327.2 million, roughly 232.6 million people are on Facebook.” So this has major implications for Facebook users and elongates their list of privacy, security, and legal issues. You can check if your information has been accessed in the breach and what information of yours is on the web through Have I Been Pwned.com.
According to Hackread, these records stolen mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp. Although the stolen data does not contain passwords, the information available in the database could be used by the hackers to lure victims in through email or SMS based phishing campaigns to potentially gain access to more private information.
Researchers at risk assessment platform Cyble, bought the cache through the forum in order to verify its authenticity and to understand how it was stolen. While Cyble has not been able to pinpoint the source of this database yet, their CEO Beenu Arora told Hackread.com, “At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping. Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming.” Arora also recommend users recheck the privacy and security settings of their Facebook accounts, and guard against interacting with unknown email or text messages related to social media accounts.
There is no evidence yet to suggest that the breach was recent and Facebook suggested that the information was probably accessed a long time ago before they updated their privacy and security settings recently. No passwords were accessed, but through the information accessed it is not very difficult for a cybercriminal to access what is left of your private information. Make sure to be weary when checking your emails or Facebook account because it could be a phishing scam.