SUMMARY
Database of 267 Mn Facebook users is being sold online for around INR 42K
Threat intelligence platform Cyble exposed the incident
The data might have been gathered via web scraping or leakage in third-party API
In another incident of a breach, a database having personal data of over 267 Mn Facebook users was found to be sold online for around INR 42K. Threat intelligence platform Cyble, which recently exposed the sale of over 500K Zoom accounts, was the first to report about the Facebook breach.
In a blog, Cyble revealed that personal data including email addresses, names, Facebook IDs, dates of birth and phone numbers were available in the database. Cyble claimed that its researchers had verified the data by purchasing it only for reviewing purposes.
Meanwhile, Cyble reported that no passwords were exposed. But cybersecurity experts are of the view that the information is enough to fuel a multi-million dollar phishing scam. The available data can also help other hackers to churn out more information from other platforms too. “Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming,” Cyble said.
At this stage, Cyble is not aware of how the data got leaked. The US-based startup said that it might be due to web scraping or leakage in third-party application program interface (API). Web scraping is a common practice for the extraction of data from a website. It is used for competitor analysis, betting and market research.
Cyble, in the blog, recommended users to improve their privacy settings of Facebook profiles. It has also advised users to be cautious of unsolicited emails and text messages. “We are currently indexing the data at our dark web monitoring platform and retail users can access it via AmIbreached.com,” Cyble added.
When Will Facebook Ensure Data Security?
In a similar incident in December 2019, personal data of 267 Mn Facebook users were exposed on the internet without passwords or other authentication. Researchers have found that the database was most likely the result of an illegal scraping operation or a misuse of a Facebook API by hackers in Vietnam.
In response, Facebook had said that it is likely that the information was obtained before the changes it made in the past few years to protect people’s information.
In November 2019, Facebook itself revealed that around 100 application developers may have accessed users’ data while confirming that 11 such partners accessed private information. Incidents of data breaches are not only limited to Facebook but its subsidiaries — WhatsApp and Instagram — have also remained a part of the online data breach sage.
In October last year, WhatsApp was found to be involved in a data breach incident that compromised the privacy of over a dozen users, which included academicians, lawyers, journalists and activists across India. In this case, hackers used spyware named Pegasus to snoop data of WhatsApp users.
Pegasus was allegedly of stealing personal information from the mobile device of the world’s richest man — Jeff Bezos. The founder of Amazon had alleged Saudi Arabian authorities for orchestrating the hack. These incidents simply indicate how much Facebook cares about the security of data of its users.
