Millions of Facebook users' information just sold for cheap on the dark web
About how much hackers sold 267 million users' details for, at just 500 euros.
Details scraped from your Facebook page aren't even worth all that much on the dark web, it seems. Security researchers from Cyble announced this week that they'd obtained the information of 267 million Facebook users in a recent transaction with a 'threat actor.' And that entire batch cost them just 500 euros (roughly $543 USD).
The Cyble team says it was able to download and verify the information, and any users concerned that they may have been affected can check here to confirm. While it appears passwords were not exposed in this particular dump, personal information like names and email addresses can be used for phishing and spam attacks.
Facebook, get it together — If you recall, Facebook suffered an enormous security incident at the end of last year. Researchers at the time revealed they'd found a database of, yes, 267 million users unsecured online. It was speculated then that an illegal scraping operation or API abuse traced back to Vietnam was to blame. The database remained up for weeks and had already made it to hacker forums by the time it was shut down.
And now, here we are. Hackers can buy your Facebook information for less than $600. According to Cyble:
Yes, that’s true and scary at the same time. One of the threat actors have dropped an online bomb by dropping the identities of 267 Million Facebook Users for 500 Euros — the details include their EMAIL, FNAME, LNAME, PHONE, FACEBOOK ID, LAST CONNECTION, STATUS, AGE... At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping. Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming.
Be extra cautious — Whether or not you were affected directly, it can't hurt to beef up your account security a bit considering Facebook's constant mishaps. Use a complex password, always have two-factor authentication enabled, and be wary of unsolicited texts and emails.