The size of the system is directly proportional to the number of loopholes existing in it! This applies to Facebook, like no other company. The world’s largest social media platform is already under high pressure for privacy and fake news issues, and now, an unknown hacker is found selling over 267 million records of Facebook profiles on the dark web! The records didn’t contain account passwords but have identifiable information like the user’s full name, email address, and phone number if provided.
267 Million+ Records for Just $600
As if Facebook is not having enough aches, leakage of sensitive data is adding to it now. Bob Diachenko, a security researcher, has found an open database containing more than 267 million user records last month through an Elasticsearch scan. And when he informed the relevant ISP, they took down the server hosting that database. But, there’s yet another server brought online immediately, which has the same 267 million records plus another 42 million!
The database mostly contained the profiles of US citizens, and 16.8 million records of the entire database have email addresses, birthdate, and gender. The whole database was on sale for a price tag of £500 ($623) in hacking forums of the dark web. Cyble, a cyber intelligence firm who purchased to verify the database, agreed the database is adequate for conducting phishing and spamming related attacks.
Cyble and Bob Diachenko said they still don’t understand how this database was compiled and leaked and believes to be a mistake of third-party Facebook API leak or data scarping. Whatever, the records contained email addresses, name and phone numbers in few cases, which are enough to spoof users into phishing sites and steal their credentials for further hacks. Cyble recommends users to be aware of unsolicited emails and tightening their privacy settings on Facebook.