Over 267 million Facebook profiles are available for sale for €500 ($623) on dark web sites and hacker forums, though the archive does not include passwords.
The security researcher Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names. The archive was left exposed online for anyone to access without authentication.
While it is not clear who owned the server, the expert believes it belonged to a criminal organization that stole the data using the Facebook API before it was locked down, or via an illegal scraping operation.
After Diachenko informed the internet service provider managing the IP address of the server about his findings, the server was taken offline.
However, soon afterwards a second server containing the same data, plus an additional 42 million records, was exposed by what appears to be the same criminal group from Vietnam. Shortly after the second server was discovered, it was attacked by an unknown party who left a message telling the owners to secure their data.
Of the 42 million additional records, 25 million contained Facebook IDs, phone numbers, and usernames, while 16.8 million of the new records included a broader range of information such as profile details, email addresses, and some other personal details.
Now researchers from cybersecurity intelligence firm Cyble have discovered the whole database for sale on the dark net.
“One of the threat actors have dropped an online bomb by dropping the identities of 267 Million Facebook Users for 500 Euros — the details include their EMAIL, FNAME, LNAME, PHONE, FACEBOOK ID, LAST CONNECTION, STATUS, AGE,” the researchers said.
The researchers said they still don't understand how this database was compiled and leaked in the first place, but given that the data contains sensitive details on the users, it might be used by cybercriminals for phishing and spamming.