Reports revealed that a hacker sold personal data of about 267 million
Facebook users for less than 50,000 Indian Rupees (only about 500 Euros).
The data includes name, phone numbers, dates of birth,
Facebook Ids, and email addresses of the users. However, the compromised
information did not include any user passwords, according to cybersecurity firm
Cyble.
Cyble, who was involved in the purchase, downloaded and
verified the data. “At this stage, we are not aware of how the data got
leaked at the first instance,” the security firm said.
It also said the leaked data could be as a result of scrapping or third-party API.
Cyble further revealed that since the data contained
sensitive information about the users, it could be used by cybercriminals for
spamming or phishing.
There were reports in December last year about a data breach of more than 267 million users. The compromised data contained names, email addresses and phone numbers of the users, as reported last year.
A blog post revealed later that the data was available for
download in a darknet forum after the hack.
At that time, a Facebook spokesperson responded that the
tech giant was seriously investigating the issue. He said the company wants to
find out the cause of the breach and possible solutions to prevent
exploitations. He, however, assured users that the compromised data were old information
available before Facebook made changes to provide improved protection.
Cambridge Analytical, a UK-based political consulting firm, harvested details of about 87 million Facebook user accounts last year with the consent of Facebook . That did not go down well with the public as the tech giant faced a lot of criticism bothering on human rights. As a result, the Federal Trade Commission (FTC) fined Facebook for $5 billion.
In November last year, Facebook confirmed that users’ data
have been accessed by about 100 app developers for the past few months. The
revelation raised another argument from the public as they believe the social
media giant is going against its policies to reveal users’ information without
their consent.
Facebook discovered that the apps, mainly video streaming
and social media management apps, retained access to user information. They
kept accessing information such as names and profile pictures from the user’s
application programming interface.
Apart from Facebook, some other platforms are also facing
similar challenges in security. The breaching incident of the Zoom
teleconferencing platform has been documented enough within the past few weeks.
Just last week, the Cyble security team revealed that cybercriminals dumped
more than 5 lakh credentials of those who participated in office conferences
through Zoom. The credentials were given away on the dark web for free.
The report also revealed that Cyble bought over 500,000 of those records from the hacking forum for almost free. Among the compromised data are details and credentials of some Zoom employees, including zoom host keys and personal meeting URLs.
Cyble later revealed that the credentials were valid. Some
of the owners of the compromised accounts were contacted and they confirmed
that the stolen information about their account was valid. From Cyble research
findings, most of the compromised accounts were hashed from old passwords that
have been changed by the user.
Cyble research team has advised users to beef up their
online security and remain more cautious during these times. The team
recommended users to improve their privacy settings on their Facebook profiles.
They should also be wary of unsolicited text messages and emails.