Over the weekend, researchers at cybersecurity intelligence firm Cyble came across a database with 267 million Facebook user profiles being sold on the Dark Web.
Looking to verify the records and add them to the firm’s breach notification service, the researchers bought it … for the grand total of £500.
That is roughly USD $540 in total, or about 0.0002 cents per record. The records held Facebook user IDs: unique, public numbers tied to specific accounts that can be used to look up an account’s username and other profile information. The records also included full names, email addresses, phone numbers, timestamps of last connection, relationship status and age.
Fortunately, no passwords were exposed, but the data still forms a ready-made toolkit for an email or SMS phishing campaign made to look as if it comes from Facebook itself, since the sender already knows each target’s name, email address, phone number and Facebook ID. If enough users are fooled into clicking spearphishers’ rigged links, it could lead to the exposure of even more, and more valuable, data.
How did the data get leaked? In a blog post, Cyble said that it doesn’t know, but its researchers suspect that the records came either from a leak in Facebook’s developer API or from scraping: the automated bulk collection of publicly available data (the kind people often post publicly on Facebook and other social networks).
It keeps popping up
The story doesn’t stop there, however. In fact, it doesn’t begin there, either. It turns out that this same database had been posted before: it was spotted by security researcher Bob Diachenko, taken down by the ISP hosting the page, and then reappeared, fattened up with another 42 million records, in an Elasticsearch cluster on a second server. That second copy was subsequently wiped by unknown actor(s), who replaced the personal information with dummy data and renamed the databases with this advice: “please_secure_your_servers”.
Diachenko partnered with the tech comparison site Comparitech on this work last month. Comparitech said that the database was exposed for nearly two weeks, available online with no password protection, before it was taken down.