Posted on April 21, 2020 at 6:34 PM
Reports revealed that a hacker sold personal data of about 267 million Facebook users for less than 50,000 Indian Rupees (only about 500 Euros).
The data includes name, phone numbers, dates of birth, Facebook Ids, and email addresses of the users. However, the compromised information did not include any user passwords, according to cybersecurity firm Cyble.
Cyble, who was involved in the purchase, downloaded and verified the data. “At this stage, we are not aware of how the data got leaked at the first instance,” the security firm said.
It also said the leaked data could be as a result of scrapping or third-party API.
Cyble further revealed that since the data contained sensitive information about the users, it could be used by cybercriminals for spamming or phishing.
The data breach occurred in December last year
There were reports in December last year about a data breach of more than 267 million users. The compromised data contained names, email addresses and phone numbers of the users, as reported last year.
A blog post revealed later that the data was available for download in a darknet forum after the hack.
At that time, a Facebook spokesperson responded that the tech giant was seriously investigating the issue. He said the company wants to find out the cause of the breach and possible solutions to prevent exploitations. He, however, assured users that the compromised data were old information available before Facebook made changes to provide improved protection.
Facebook among corporations facing security challenges
Cambridge Analytical, a UK-based political consulting firm, harvested details of about 87 million Facebook user accounts last year with the consent of Facebook. That did not go down well with the public as the tech giant faced a lot of criticism bothering on human rights. As a result, the Federal Trade Commission (FTC) fined Facebook for $5 billion.
In November last year, Facebook confirmed that users’ data have been accessed by about 100 app developers for the past few months. The revelation raised another argument from the public as they believe the social media giant is going against its policies to reveal users’ information without their consent.
Facebook discovered that the apps, mainly video streaming and social media management apps, retained access to user information. They kept accessing information such as names and profile pictures from the user’s application programming interface.
Other platforms also facing security challenges
Apart from Facebook, some other platforms are also facing similar challenges in security. The breaching incident of the Zoom teleconferencing platform has been documented enough within the past few weeks. Just last week, the Cyble security team revealed that cybercriminals dumped more than 5 lakh credentials of those who participated in office conferences through Zoom. The credentials were given away on the dark web for free.
The report also revealed that Cyble bought over 500,000 of those records from the hacking forum for almost free. Among the compromised data are details and credentials of some Zoom employees, including zoom host keys and personal meeting URLs.
Cyble later revealed that the credentials were valid. Some of the owners of the compromised accounts were contacted and they confirmed that the stolen information about their account was valid. From Cyble research findings, most of the compromised accounts were hashed from old passwords that have been changed by the user.
Users have been advised to tighten security
Cyble research team has advised users to beef up their online security and remain more cautious during these times. The team recommended users to improve their privacy settings on their Facebook profiles. They should also be wary of unsolicited text messages and emails.